[wp-trac] [WordPress Trac] #64376: redirect_canonical() causes unnecessary 301 redirects for query string encoding variants (+ vs %20)
WordPress Trac
noreply at wordpress.org
Sun Apr 5 21:17:26 UTC 2026
#64376: redirect_canonical() causes unnecessary 301 redirects for query string
encoding variants (+ vs %20)
-------------------------------------------------+-------------------------
Reporter: robbertvancaem | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Future
| Release
Component: Canonical | Version:
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests needs- | Focuses:
testing | performance
-------------------------------------------------+-------------------------
Comment (by jbiggs):
Just wanted to add my 2c here. I struggled with this for the whole of
Easter weekend until I figured out what was happening. Upon fixing the
issue I discovered this thread.
I can see how this could potentially be used to create a denial-of-service
condition on a site.
For example, if a host like Kinsta is ignoring UTM parameters for cache
variation (which it does), and repeated requests are sent just as the
homepage cache is about to expire using a URL such as
https://site.com/?utm_content=test:123, it could cause the homepage to
cache a 301 redirect loop. Once that redirect response is cached, all
users could be served the loop until the cache expires.
That is effectively what I was seeing happen to my site, although it
wasn't malicious, we were just getting that much Google Ads traffic that
occasionally it was happening by chance.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/64376#comment:12>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list