The io.undertow.UndertowOptions#ALLOW_UNESCAPED_CHARACTERS_IN_URL option allows you to control this.

Stuart

On Fri, Jul 13, 2018 at 2:23 AM Brad Wood <bdw429s@gmail.com> wrote:
I just had a user who updated to the latest version of my Undertow-powered server report an error when his query string contained unencoded pipe characters.  (error at the bottom) This didn't happen in older versions but appears to be a valid check.  In this case, my user has no control over the URL that's being sent to his site as it comes from a Microsoft Office365 app that opens a popup window to one of his URLs for authentication.  It looks like this:

https://127.0.0.1:1443/index.cfm/login:main/index?_host_Info=outlook|web|16.01|en-us|89b212f8-4618-9ca2-bcf7-f1e8cb0969be|isDialog

I have a feeling this is "working as designed" but is there a way to relax the validation here as he has no control over this URL and it is a hard stop for him?

[DEBUG] io.undertow.request.io: UT005014: Failed to parse request
io.undertow.util.BadRequestException: UT000165: Invalid character | in request-target
        at io.undertow.server.protocol.http.HttpRequestParser.handleQueryParameters(HttpRequestParser.java:523)
        at io.undertow.server.protocol.http.HttpRequestParser.beginQueryParameters(HttpRequestParser.java:486)
        at io.undertow.server.protocol.http.HttpRequestParser.handlePath(HttpRequestParser.java:410)
        at io.undertow.server.protocol.http.HttpRequestParser.handle(HttpRequestParser.java:248)
        at io.undertow.server.protocol.http.HttpReadListener.handleEventWithNoRunningRequest(HttpReadListener.java:187)
        at io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:136)
        at io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:151)
        at io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:92)
        at io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:51)
        at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
        at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:291)
        at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:286)
        at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
        at org.xnio.nio.QueuedNioTcpServer$1.run(QueuedNioTcpServer.java:129)
        at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:582)
        at org.xnio.nio.WorkerThread.run(WorkerThread.java:466)

Thanks!

~Brad

Developer Advocate
Ortus Solutions, Corp 

ColdBox Platform: http://www.coldbox.org 

_______________________________________________
undertow-dev mailing list
undertow-dev@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/undertow-dev