The proxied request path is URI decoded #1575
Comments
|
The bug was introduced in #1547 As far as I understand in the discussion the issue is the double / is merged into only one /. |
|
Actually the bug is a combination of URI-unescaping together with normalization. According to https://www.w3.org/Addressing/URL/4_URI_Recommentations.html URL-sensitive characters
Currently |
|
The logging is not a problem |
|
@rkeytacked ok thanks |
|
I tested the output of The issue here is that the escaped characters are not preserved for the request path received by the backend. |
|
@NorthFury do you mean that it's not the linked change that causes the problem? #1547 |
|
/cc @tomlarkworthy |
|
My suggestion is to revert #1547 and so return to earlier behavior, and to support the use case of #1547 , we should create a filter that achieves the same. @tomlarkworthy would this approach work for you? |
|
@aryszka Actually I would feel better not to decode the slash %2F. Then the URL normalization would also not hurt anymore. |
|
Actually this very commit wanted to avoid what is happening right now: d79a87f Somehow the intention is not met. |
|
The proposal to to the normalization using a filter is the better approach for a proxy. A request in general and more specifically the request path should not be mutated unless explicitly via a filter or a flag. |
|
@NorthFury but that also means that decoding %-characters should only happen if wanted, right? |
|
@rkeytacked yes, any change to the request path should be explicit. |
|
My original issue is that the regex path filers diverge from what gets sent upstream. So even if you set a filter, you might get something different hit upstream that looks like it should have been filtered out. This is being observed in our services ATM. Adding an additional explicit normalize filter would satisfy our needs, but I kind of feel by setting a PathFilter I have already opted into a certain shape of upstream request, so I think what would be cleanest is if the PathFilter does the url normalization mutation? So not a different normalization filter, this should be done by the PathFilter? But would that break your use case @NorthFury ? |
|
@tomlarkworthy do you mean the Path predicate, if you write about PathFilter? |
|
@tomlarkworthy I don't have specific requirements apart for not to decode the reserved characters. Let me summarize the problem as I understand it and various directions this can go into. Here are the normalization changes that can be applied:
One thing to note is that for route matching, the match for encoded characters should be case insensitive, for example One solution for this would be to enforce a redirect to a normalized version of the URL. This can be done via a filter. What this doesn't solve is the fact that the same normalization flow should be applied to the route matching. Another approach is to normalize the path from the start. The question remains if one should be able to control this behavior via a flag. If the flag is set in order not to normalize the path, this needs to happen only on matching. This particular approach could also benefit from having a filter to enforce a normalized path if required. It feels like providing the path normalization from the start of the request offers a few distinct advantages. |
|
OK an explicit opt-in normalization filter seems to be safest choice. |
|
@NorthFury I think we can close this issue and create a new one to add the requested filter, right? |
Describe the bug
Skipper mutates the request path and decodes the encoded characters.
To Reproduce
Have a stub service on 8082 logging the request path.
Start skipper with the following routes:
test: * -> "http://localhost:8082";Requests executed:
The logged request paths were:
Expected behavior
Keep the encoded characters as they were.
Observed behavior
The encoded characters were decoded and even more, the double slash was normalized to one slash because those characters were no longer encoded.
The text was updated successfully, but these errors were encountered: