[undertow-dev] [1.4.23.Final] Invalid character | in request-target
Brad Wood
bdw429s at gmail.com
Thu Jul 12 20:07:09 EDT 2018
Cool, thanks. I actually found that online after posting but for the life
of me couldn't figure out how to reply to my own topic on the mailing list
since you don't get Emailed for your own post and the web site doesn't seem
to have posting capabilities.
On a related note, hjave you considered switching to Google Groups or
something? The JBoss lists are seriously outdated. Like in an
embarrassing way :)
Thanks!
~Brad
*Developer Advocate*
*Ortus Solutions, Corp *
E-mail: brad at coldbox.org
ColdBox Platform: http://www.coldbox.org
Blog: http://www.codersrevolution.com
On Thu, Jul 12, 2018 at 6:24 PM Stuart Douglas <sdouglas at redhat.com> wrote:
> The io.undertow.UndertowOptions#ALLOW_UNESCAPED_CHARACTERS_IN_URL option
> allows you to control this.
>
> Stuart
>
> On Fri, Jul 13, 2018 at 2:23 AM Brad Wood <bdw429s at gmail.com> wrote:
>
>> I just had a user who updated to the latest version of my
>> Undertow-powered server report an error when his query string contained
>> unencoded pipe characters. (error at the bottom) This didn't happen in
>> older versions but appears to be a valid check. In this case, my user has
>> no control over the URL that's being sent to his site as it comes from a
>> Microsoft Office365 app that opens a popup window to one of his URLs for
>> authentication. It looks like this:
>>
>>
>> https://127.0.0.1:1443/index.cfm/login:main/index?_host_Info=outlook|web|16.01|en-us|89b212f8-4618-9ca2-bcf7-f1e8cb0969be|isDialog
>>
>> I have a feeling this is "working as designed" but is there a way to
>> relax the validation here as he has no control over this URL and it is a
>> hard stop for him?
>>
>> [DEBUG] io.undertow.request.io: UT005014: Failed to parse request
>> io.undertow.util.BadRequestException: UT000165: Invalid character | in
>> request-target
>> at
>> io.undertow.server.protocol.http.HttpRequestParser.handleQueryParameters(HttpRequestParser.java:523)
>> at
>> io.undertow.server.protocol.http.HttpRequestParser.beginQueryParameters(HttpRequestParser.java:486)
>> at
>> io.undertow.server.protocol.http.HttpRequestParser.handlePath(HttpRequestParser.java:410)
>> at
>> io.undertow.server.protocol.http.HttpRequestParser.handle(HttpRequestParser.java:248)
>> at
>> io.undertow.server.protocol.http.HttpReadListener.handleEventWithNoRunningRequest(HttpReadListener.java:187)
>> at
>> io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:136)
>> at
>> io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:151)
>> at
>> io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:92)
>> at
>> io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:51)
>> at
>> org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
>> at
>> org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:291)
>> at
>> org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:286)
>> at
>> org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
>> at
>> org.xnio.nio.QueuedNioTcpServer$1.run(QueuedNioTcpServer.java:129)
>> at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:582)
>> at org.xnio.nio.WorkerThread.run(WorkerThread.java:466)
>>
>> Thanks!
>>
>> ~Brad
>>
>> *Developer Advocate*
>> *Ortus Solutions, Corp *
>>
>> E-mail: brad at coldbox.org
>> ColdBox Platform: http://www.coldbox.org
>> Blog: http://www.codersrevolution.com
>>
>> _______________________________________________
>> undertow-dev mailing list
>> undertow-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/undertow-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/undertow-dev/attachments/20180712/b26b35cf/attachment.html
More information about the undertow-dev
mailing list