I just had a user who updated to the latest version of my Undertow-powered server report an error when his query string contained unencoded pipe characters. (error at the bottom) This didn't happen in older versions but appears to be a valid check. In this case, my user has no control over the URL that's being sent to his site as it comes from a Microsoft Office365 app that opens a popup window to one of his URLs for authentication. It looks like this:
I have a feeling this is "working as designed" but is there a way to relax the validation here as he has no control over this URL and it is a hard stop for him?
io.undertow.util.BadRequestException: UT000165: Invalid character | in request-target
at io.undertow.server.protocol.http.HttpRequestParser.handleQueryParameters(HttpRequestParser.java:523)
at io.undertow.server.protocol.http.HttpRequestParser.beginQueryParameters(HttpRequestParser.java:486)
at io.undertow.server.protocol.http.HttpRequestParser.handlePath(HttpRequestParser.java:410)
at io.undertow.server.protocol.http.HttpRequestParser.handle(HttpRequestParser.java:248)
at io.undertow.server.protocol.http.HttpReadListener.handleEventWithNoRunningRequest(HttpReadListener.java:187)
at io.undertow.server.protocol.http.HttpReadListener.handleEvent(HttpReadListener.java:136)
at io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:151)
at io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:92)
at io.undertow.server.protocol.http.HttpOpenListener.handleEvent(HttpOpenListener.java:51)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:291)
at org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:286)
at org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at org.xnio.nio.QueuedNioTcpServer$1.run(QueuedNioTcpServer.java:129)
at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:582)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:466)