DefaultFilesMiddleware was changed (3.0 to 3.1) to redirect to full urls (domain including) but it's using the wrong domain behind FrontDoor or other proxies #21561
Description
Describe the bug
In Asp.Net 3.0 the DefaultFilesMiddleware was doing the Paths redirect (e.g. from /folder to /folder/) by doing a Path only Redirect (Location: /folder/)
This was changed in Asp.Net 3.1 to include the full incoming domain with no reasoning for the change:
This issue (which has no reasoning behind it why the change is required or what it actually fixes or improves) #10473 this merge: #10996
This is the line that was changed that now includes the request.Host:
This can pose a problem if you run the website behind any kind of reverse proxy that does URL rewriting. For example this breaks if the site is in front of Azure FrontDoor.
Azure FrontDoor is configured for mydomain.com and redirects requests to few backend pools of Azure Websites configured as: mydomain1.azurewebsites.net, mydomain2.azurewebsites.net...
When a request now comes to https://mydomain.com/folder the DefaultFilesMiddleware instead of redirecting to /folder/ will redirect to https://mydomain1.azurewebsites.net/folder/ which is wrong.
To Reproduce
No much required to reproduce. The simple repro is to navigate in any new Asp.Net 3.1 website into a folder without the trailing slash and check that the Location header returns a full url vs just the path.
There seems to be no way to disable this behavior without implementing my own DefaultFilesMiddleware and no explanation why the change was required.
Further technical details
- ASP.NET Core version 3.1.100