Loading...

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 34.0.0.Beta1, 34.0.0.Final
Affects Version/s: 14.0.0.Beta2
Component/s: Web (Undertow)
Labels:
- downstream_dependency

Steps to Reproduce:
Hide

unzip WildFly and start via ./bin/standalone.sh

in CLI perform following operations:

/subsystem=undertow/server=default-server/host=default-host/setting=access-log:add() /subsystem=undertow/server=default-server/http-listener=default:write-attribute(name=allow-unescaped-characters-in-url,value=true) /subsystem=undertow/server=default-server/https-listener=https:write-attribute(name=allow-unescaped-characters-in-url,value=true) /subsystem=undertow/server=default-server/host=default-host/setting=access-log:write-attribute(name=use-server-log, value=false) deploy helloworld.war reload

Now try to access WildFly server:

# First against HTTP listener: curl "http://localhost:8080/helloworld/한글이름_test.html?param=한글이름_ahoy" -v >/dev/null # Check result in access log # Now try against HTTPS listener: curl "https://localhost:8443/helloworld/한글이름_test.html?param=한글이름_ahoy" -v >/dev/null --insecure # Check result in access log
Show
unzip WildFly and start via ./bin/standalone.sh in CLI perform following operations: /subsystem=undertow/server= default -server/host= default -host/setting=access-log:add() /subsystem=undertow/server= default -server/http-listener= default :write-attribute(name=allow-unescaped-characters-in-url,value= true ) /subsystem=undertow/server= default -server/https-listener=https:write-attribute(name=allow-unescaped-characters-in-url,value= true ) /subsystem=undertow/server= default -server/host= default -host/setting=access-log:write-attribute(name=use-server-log, value= false ) deploy helloworld.war reload Now try to access WildFly server: # First against HTTP listener: curl "http: //localhost:8080/helloworld/한글이름_test.html?param=한글이름_ahoy" -v >/dev/ null # Check result in access log # Now try against HTTPS listener: curl "https: //localhost:8443/helloworld/한글이름_test.html?param=한글이름_ahoy" -v >/dev/ null --insecure # Check result in access log

Since the time of EAP7.1.1.CP there is a possibility to allow unescaped characters in URL requests from clients to server. This was allowed first by setting org.wildfly.undertow.ALLOW_UNESCAPED_CHARACTERS_IN_URL=true system property introduced by ~~UNDERTOW-1185~~. Now we have a new attribute for this in Wildfly in AJP, HTTP and HTTPS listeners allow-unescaped-characters-in-url.

However this does not seem to work correctly. There have been some fixes for AJP listener already ~~UNDERTOW-1386~~, ~~UNDERTOW-1386~~ and ~~UNDERTOW-1399~~ (the last one not included in WildFly 14.0.0.Beta2 yet). However HTTP/HTTPS listener seems to be broken too.

When HTTP request with unescaped characters is performed against server:

curl "http://localhost:8080/helloworld/한글이름_test.html?param=한글이름_ahoy" -v >/dev/null

we get 200 OK HTTP response, although the result in access log looks like:

HTTP actual result

127.0.0.1 - - [27/Aug/2018:09:17:39 +0200] "GET /helloworld/íê¸ì´ë¦
                                                                       _test.html?param=íê¸ì´ë¦
                                                                                                   _ahoy HTTP/1.1" 200 950

but we expect following:

HTTP expected result

127.0.0.1 - - [27/Aug/2018:08:40:47 +0200] "GET /helloworld/한글이름_test.html?param=한글이름_ahoy HTTP/1.1" 200 950

Slightly different problem seems to be also for HTTPS listener. When we perform HTTPS request against WildFly:

curl "https://localhost:8443/helloworld/한글이름_test.html?param=한글이름_ahoy" -v >/dev/null --insecure

we receive 404 Not Found HTTP response and following record in access.log:

Unable to find source-code formatter for language: https actual result. Available languages are: actionscript, ada, applescript, bash, c, c#, c++, cpp, css, erlang, go, groovy, haskell, html, java, javascript, js, json, lua, none, nyan, objc, perl, php, python, r, rainbow, ruby, scala, sh, sql, swift, visualbasic, xml, yaml

127.0.0.1 - - [27/Aug/2018:09:18:37 +0200] "GET /helloworld/￭ﾕﾜ￪ﾸﾀ￬ﾝﾴ￫ﾦﾄ_test.html?param=￭ﾕﾜ￪ﾸﾀ￬ﾝﾴ￫ﾦﾄ_ahoy HTTP/2.0" 404 68

however expected result should be similar to what we expect for HTTP, I guess.

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

helloworld.war
4 kB
2018/08/27 3:25 AM

clones

JBEAP-21293 [GSS](7.4.z) UNDERTOW-2312 - Unescaped characters in URL from client does not work correctly when allowed for HTTP and HTTPS listeners

Ready for QA

is blocked by

WFLY-19684 Upgrade WildFly Core to 26.0.0.Beta3

Resolved

is related to

UNDERTOW-1185 Undertow does not allow UTF-8 characters in URLs

Resolved

UNDERTOW-1385 url-charset="UTF-8" didn't work in ajp-listener

Resolved

UNDERTOW-1386 multibytes language in URL request to ajp-listener are broken in EAP access log.

Resolved

UNDERTOW-1399 multibytes language in URL query part of request to ajp-listener is broken

Resolved

(1 is related to)

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates