Since EAP7.1.1.CP it has been possible to allow unescaped characters in URL requests from clients to the server. This was first allowed by setting the org.wildfly.undertow.ALLOW_UNESCAPED_CHARACTERS_IN_URL=true system property introduced by UNDERTOW-1185. Now we have a new attribute for this in WildFly on the AJP, HTTP and HTTPS listeners: allow-unescaped-characters-in-url.
However, this does not seem to work correctly. There have already been some fixes for the AJP listener: UNDERTOW-1386, UNDERTOW-1386 and UNDERTOW-1399 (the last one is not included in WildFly 14.0.0.Beta2 yet). However, the HTTP/HTTPS listener seems to be broken too.
When an HTTP request with unescaped characters is performed against the server:
curl "http://localhost:8080/helloworld/한글이름_test.html?param=한글이름_ahoy" -v >/dev/null
we get a 200 OK HTTP response, although the entry in the access log looks like:
127.0.0.1 - - [27/Aug/2018:09:17:39 +0200] "GET /helloworld/íê¸ì´ë¦ _test.html?param=íê¸ì´ë¦ _ahoy HTTP/1.1" 200 950
but we expect the following:
127.0.0.1 - - [27/Aug/2018:08:40:47 +0200] "GET /helloworld/한글이름_test.html?param=한글이름_ahoy HTTP/1.1" 200 950
There seems to be a slightly different problem with the HTTPS listener. When we perform an HTTPS request against WildFly:
curl "https://localhost:8443/helloworld/한글이름_test.html?param=한글이름_ahoy" -v >/dev/null --insecure
we receive a 404 Not Found HTTP response and the following record in access.log:
127.0.0.1 - - [27/Aug/2018:09:18:37 +0200] "GET /helloworld/■ユワ↑ᄌタ↓ンᄡ→ᆭト_test.html?param=■ユワ↑ᄌタ↓ンᄡ→ᆭト_ahoy HTTP/2.0" 404 68
however, the expected result should be similar to what we expect for HTTP, I guess.
- clones
  - JBEAP-18627 [GSS](7.3.z) WFLY-10929 - Unescaped characters in URL from client does not work correctly when allowed for HTTP and HTTPS listeners (Closed)
- is caused by
  - UNDERTOW-2312 multibytes language in URL request to http/https are broken in EAP access log. (Closed)
- is related to
  - UNDERTOW-1185 Undertow does not allow UTF-8 characters in URLs (Resolved)
  - UNDERTOW-1385 url-charset="UTF-8" didn't work in ajp-listener (Resolved)
  - UNDERTOW-1386 multibytes language in URL request to ajp-listener are broken in EAP access log. (Resolved)
  - UNDERTOW-1399 multibytes language in URL query part of request to ajp-listener is broken (Resolved)
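
An added example, not part of the issue and not WildFly or Undertow code: a Python helper for access-log triage that reverses the two garblings seen in the log lines above. It rests on an interpretation of those lines that the issue itself does not state, namely that the HTTP entry is the UTF-8 bytes written one byte per character (ISO-8859-1) and the HTTP/2 entry is the same bytes sign-extended to U+FFxx; all function names are hypothetical.

```python
import re

# Request target from the curl commands in the report.
TARGET = "/helloworld/한글이름_test.html?param=한글이름_ahoy"
C1_CONTROLS = re.compile(r"[\x80-\x9f]")  # invisible in most viewers

def garble_latin1(text):
    """Assumed HTTP-listener effect: each UTF-8 byte becomes one char."""
    return text.encode("utf-8").decode("latin-1")

def garble_signext(text):
    """Assumed HTTP/2 effect: bytes >= 0x80 widened as signed, giving U+FFxx."""
    return "".join(chr(b if b < 0x80 else 0xFF00 | b)
                   for b in text.encode("utf-8"))

def repair(logged):
    """Return (scheme, text) for one logged request target.

    scheme is 'latin1' or 'signext' when the field was garbled and could be
    decoded back to valid UTF-8, otherwise 'unchanged'.
    """
    if logged.isascii():
        return "unchanged", logged
    cps = [ord(c) for c in logged]
    if all(cp < 0x100 for cp in cps):
        scheme, raw = "latin1", bytes(cps)
    elif all(cp < 0x80 or 0xFF80 <= cp <= 0xFFFF for cp in cps):
        scheme, raw = "signext", bytes(cp & 0xFF for cp in cps)
    else:
        return "unchanged", logged      # e.g. a correctly logged Korean path
    try:
        return scheme, raw.decode("utf-8")
    except UnicodeDecodeError:
        return "unchanged", logged      # genuine Latin-1 text such as "café"

if __name__ == "__main__":
    for garble in (garble_latin1, garble_signext):
        logged = garble(TARGET)          # constructed sample, not a real log
        print(garble.__name__, repr(C1_CONTROLS.sub("", logged)))
        print("  ->", repair(logged))
```

Run it against the raw log file: a copy that has passed through a viewer or web page may have lost the C1 control characters or been compatibility-normalized, after which the original bytes cannot be recovered.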