New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Slashes (/
) are not URL-encoded in Uri string representation in query parameters
#2445
Comments
I see the same behavior with the following: $amm
Loading...
Welcome to the Ammonite Repl 1.0.3
(Scala 2.12.4 Java 1.8.0_112)
If you like Ammonite, please support our development at www.patreon.com/lihaoyi
@ import $ivy.`org.http4s::http4s-core:0.20.0`
imimport $ivy.$
@ import org.http4s.Uri
import org.http4s.Uri
@ Uri.uri("a.b.c").withQueryParam("param1", "1+2/3").renderString
res3: String = "a.b.c?param1=1%2B2/3" |
Uri#uri uses Uri#fromString includes a comment:
https://tools.ietf.org/html/rfc3986#section-3.4 notes:
Looking at the parser of the Query, I see Can you please comment, @rossabaker, since, as I understand, git blame shows that you wrote that code? |
I think the last sentence of that RFC is why we stopped encoding those. A compliant implementation should treat these as equivalent, but it's a notoriously hard spec to get right. It would be nice if we kept the original encoding in cases where the spec permits two equivalent encodings, to work around buggy implementations. This is a use case to consider when we redesign the |
Hi! Is there some workaround to change the encoding behavior? I'm doing something with Spotify API and the authorization process requires a But if a manually build the url using If I try to do the same with the query parameters before passing them to Uri, the encoding I did is replaced with something else which also does not work. |
I've found a way:
If I put everything in path and the Uri kept the String intact. Then I can encode myself before creating the Uri. With this approach, I could complete the authorization in Spotify and get the code. Credits to @alexandredantas |
This is something that should be cleaned up in #3221, or a follow-up to it. Some relevant discussion from http4s-dev Gitter today. |
I have tried new version here https://github.com/http4s/http4s/releases/tag/v0.21.13 and it's already fixed this issue and the workaround with scala> val uri = Uri.uri("/some/url?param1=1%2B2%2F3")
val uri: org.http4s.Uri = /some/url?param1=1%2B2%2F3
scala> val uri2 = Uri(path = "http://foo.com/frunfles?redirect_uri=http://bar.com/quux")
val uri2: org.http4s.Uri = ./http://foo.com/frunfles?redirect_uri=http://bar.com/quux This PR seems to fix this issue accidentally 😄 |
Fortunately, I'm not using the path workaround anymore. I've replaced it with This is an Ammonite script to check it (v0.21.14):
|
Still seems problematic. Needs to be part of a grand URI rethink. scala> uri"/some/url?param1=1%2B2%2F3"
val res2: org.http4s.Uri = /some/url?param1=1%2B2/3 |
Hi all,
We have been using
http4s
in our project and we recently noticed that slashes (/
) are not URL-encoded in query parameters.For example, let's say we have the following URL:
where basically the value of
param1
is1+2/3
.What we get from the URI's string representation is:
The reason we need this is that our clients are expected to sign the URL-encoded uri.
However, most of the other libraries and tools, URL-encode slashes properly when they appear in query parameters, which causes us problems when trying to validate our clients' signatures.
Is there a reason why this is happening? Is it a bug or a conscious decision? And if it's the latter, what is the reasoning behind it?
The text was updated successfully, but these errors were encountered: