AspNetCoreServer: HTTP API v2 integration double escaped URL parameters #720
Description
Description
AspNetCoreServer.APIGatewayHttpApiV2ProxyFunction URL-escapes the query string, but since it is receiving the raw, escaped query string from the API gateway this will result in a double escaping. MVC strips out one level of escaping, but that means that the web API controllers get escaped values rather than unescaped values.
This is done here in the code: https://github.com/aws/aws-lambda-dotnet/blob/master/Libraries/src/Amazon.Lambda.AspNetCoreServer/Internal/Utilities.cs#L121-L148
I have verified with a minimal Python lambda that just returns the 2.0 event as a JSON response that the query string in the event is already escaped.
Reproduction Steps
Test performed with a minimal controller based on serverless.AspNetCoreWebAPI but adapted to use HTTP API v2 instead.
Entry point:
public class LambdaEntryPoint : Amazon.Lambda.AspNetCoreServer.APIGatewayHttpApiV2ProxyFunction
{
protected override void Init(IWebHostBuilder builder)
{
builder.UseStartup<Startup>();
}
}
Controller:
[Route("api/[controller]")]
public class ValuesController : ControllerBase
{
// GET api/values
[HttpGet]
public IActionResult Get([FromQuery] string a)
{
return Ok(new
{
A = a,
RawQuery = Request.QueryString.ToString(),
});
}
}
Setting up a HTTP v2 integration and calling it with /api/values?a=b%3Dc produces the following output:
{
"a": "b%3Dc",
"rawQuery" : "?a=b%253Dc"
}
The expected output is that a should have the unescaped value b=c.
Environment
Build Version:
<PackageReference Include="AWSSDK.Extensions.NETCore.Setup" Version="3.3.100.1" />
<PackageReference Include="Amazon.Lambda.AspNetCoreServer" Version="5.1.1" />
Targeted .NET Platform: Native .NET Core 3.1 runtime
Resolution
- 👋 I can/would-like-to implement a fix for this problem myself
This is a 🐛 bug-report