Rejected urls when not normalized

[pmauduit]

Encountered on recent versions of the Security-Proxy (master), along with a 1.7 cadastrapp tag: If the urls are not "normalized" (i.e. containing for example double-slash), they can be rejected by the Security-Proxy because a new spring-security filter won't allow them by default:

$ curl -i "http://proxy.georchestra:8080/cadastrapp/services//getImageBordereau?parcelle=dddd"
[...]

<p>Problem accessing /cadastrapp/services//getImageBordereau. Reason:
<pre>    Server Error</pre></p><h3>Caused by:</h3><pre>org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL was not normalized.

We applied the following patch on a 1.7-derived version to adress the issue:

diff --git a/addons/cadastrapp/js/detailUniteCadastrale.js b/addons/cadastrapp/js/detailUniteCadastrale.js
index 40df07f..1c1fb3a 100644
--- a/addons/cadastrapp/js/detailUniteCadastrale.js
+++ b/addons/cadastrapp/js/detailUniteCadastrale.js
@@ -173,7 +173,7 @@ GEOR.Addons.Cadastre.displayFIUC = function(parcelleId) {
         var fiucProprietaireStore = new Ext.data.JsonStore({
 
             // Appel à la webapp
-            url : GEOR.Addons.Cadastre.cadastrappWebappUrl + '/getProprietairesByParcelles?parcelles=' + parcelleId,
+            url : GEOR.Addons.Cadastre.cadastrappWebappUrl + 'getProprietairesByParcelles?parcelles=' + parcelleId,
             autoLoad : true,
 
             // Champs constituant l'onglet propriétaire
diff --git a/addons/cadastrapp/js/searchCoPropriete.js b/addons/cadastrapp/js/searchCoPropriete.js
index 834f415..3aa155a 100644
--- a/addons/cadastrapp/js/searchCoPropriete.js
+++ b/addons/cadastrapp/js/searchCoPropriete.js
@@ -221,7 +221,7 @@ GEOR.Addons.Cadastre.initRechercheCoPropriete = function() {
                         // envoi des données d'une form
                         Ext.Ajax.request({
                             method : 'GET',
-                            url : GEOR.Addons.Cadastre.cadastrappWebappUrl + '/getCoProprietaireList',
+                            url : GEOR.Addons.Cadastre.cadastrappWebappUrl + 'getCoProprietaireList',
                             params : requestparam,
                             success : function(response) {
 
@@ -270,4 +270,4 @@ GEOR.Addons.Cadastre.initRechercheCoPropriete = function() {
         } ]
     });
 
-};
\ No newline at end of file
+};

Mainly grepping "cadastrappWebappUrl" and removing extra slashes.

Note: this seems to have been fixed in master.

[pierrejego]

Hello,
yes it was done only since 1.8 version see #460

[pmauduit]

sorry for the duplicate

[MaelREBOUX]

https://github.com/georchestra/cadastrapp/wiki/Releases#v-18-juillet-2019

you are pardoned v1.8 fixes lot of things. I suggest to upgrade to as soon as possible.