[undertow-dev] [1.4.23.Final] Invalid character | in request-target

Stuart Douglas sdouglas at redhat.com
Thu Jul 12 19:23:51 EDT 2018


The io.undertow.UndertowOptions#ALLOW_UNESCAPED_CHARACTERS_IN_URL option
allows you to control this.

Stuart

On Fri, Jul 13, 2018 at 2:23 AM Brad Wood <bdw429s at gmail.com> wrote:

> I just had a user who updated to the latest version of my Undertow-powered
> server report an error when his query string contained unencoded pipe
> characters.  (error at the bottom) This didn't happen in older versions but
> appears to be a valid check.  In this case, my user has no control over the
> URL that's being sent to his site as it comes from a Microsoft Office365
> app that opens a popup window to one of his URLs for authentication.  It
> looks like this:
>
>
> https://127.0.0.1:1443/index.cfm/login:main/index?_host_Info=outlook|web|16.01|en-us|89b212f8-4618-9ca2-bcf7-f1e8cb0969be|isDialog
>
> I have a feeling this is "working as designed" but is there a way to relax
> the validation here as he has no control over this URL and it is a hard
> stop for him?
>
> [DEBUG] io.undertow.request.io: UT005014: Failed to parse request
> io.undertow.util.BadRequestException: UT000165: Invalid character | in request-target
>         at io.undertow.server.protocol.http.HttpRequestParser.handleQueryParameters(HttpRequestParser.java:523)
>         at io.undertow.server.protocol.http.HttpRequestParser.beginQueryParameters(HttpRequestParser.java:486)
>         at io.undertow.server.protocol.http.HttpRequestParser.handlePath(HttpRequestParser.java:410)
>         at io.undertow.server.protocol.http.HttpRequestParser.handle(HttpRequestParser.java:248)
>         at io.undertow.server.protocol.http.HttpReadListener.handleEventWithNoRunningRequest(HttpReadListener.java:187)
>         at io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:136)
>         at io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:151)
>         at io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:92)
>         at io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:51)
>         at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
>         at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:291)
>         at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:286)
>         at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
>         at org.xnio.nio.QueuedNioTcpServer$1.run(QueuedNioTcpServer.java:129)
>         at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:582)
>         at org.xnio.nio.WorkerThread.run(WorkerThread.java:466)
>
> Thanks!
>
> ~Brad
>
> *Developer Advocate*
> *Ortus Solutions, Corp *
>
> E-mail: brad at coldbox.org
> ColdBox Platform: http://www.coldbox.org
> Blog: http://www.codersrevolution.com
>
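
An added example (not code from this thread or from the Undertow project) showing the option named in the reply set through `Undertow.Builder#setServerOption`, with a handler that re-applies a narrow character allowlist so that only `|` is additionally accepted. The class name, listener address and port, the `isAcceptable` helper and the allowlist itself are assumptions for illustration.

```java
import io.undertow.Undertow;
import io.undertow.UndertowOptions;
import io.undertow.server.HttpHandler;
import io.undertow.util.StatusCodes;

public class RelaxedUrlServer {

    // Assumption: '|' is the only unescaped character this deployment must tolerate.
    private static final String EXTRA_ALLOWED = "|";

    // RFC 3986 unreserved and reserved punctuation, plus '%' for percent-encoding.
    private static final String URI_PUNCTUATION = "-._~:/?#[]@!$&'()*+,;=%";

    /** True if every character is an RFC 3986 URI character or listed in EXTRA_ALLOWED. */
    static boolean isAcceptable(String s) {
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            boolean uriChar = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9') || URI_PUNCTUATION.indexOf(c) >= 0;
            if (!uriChar && EXTRA_ALLOWED.indexOf(c) < 0) {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // Placeholder application handler.
        HttpHandler app = exchange -> exchange.getResponseSender().send("ok");

        // With the parser check relaxed, reject anything outside the allowlist here.
        HttpHandler guarded = exchange -> {
            if (!isAcceptable(exchange.getRequestURI())
                    || !isAcceptable(exchange.getQueryString())) {
                exchange.setStatusCode(StatusCodes.BAD_REQUEST);
                exchange.endExchange();
                return;
            }
            app.handleRequest(exchange);
        };

        Undertow.builder()
                .addHttpListener(8080, "127.0.0.1") // assumed address and port
                .setServerOption(UndertowOptions.ALLOW_UNESCAPED_CHARACTERS_IN_URL, true)
                .setHandler(guarded)
                .build()
                .start();
    }
}
```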