Custom path is always URI encoded and normalized with trailing slash in requests

[cyberduck]

238fde8 created the issue

Hi,

I have a URL like this (with a Macaroon based authentication token):

https://dolphin12.grid.surfsara.nl:2880/?authz=token

With CURL this works fine, so the token is correct. However, Cyberduck does not seem to be able to handle this. It asks for the username/password, and after that it asks for a client certificate, but whatever I fill in, it doesn't work. I get this error:

Listing directory ?authz=token failed. Unexpected response (404 Not Found). Please contact your web hosting service provider for assistance.

I found this in the server log:

https://dolphin12.grid.surfsara.nl:2880/%3Fauthz=token/

I see 2 issues here:

1. The ? in the GET URL appears to be URLencoded;
2. The path, in this case /, is appended to the GET URL, which alters the token so that authentication fails. Also, the path is not parsed by the server this way.

So I would like to request:

1. That a GET URL is not URLencoded;
2. That any path is inserted before the GET variables, instead of appended at the end.

Thanks!
Onno

[cyberduck]

238fde8 commented

The Macaroon may be provided as a HTTP(S) header. So, the possibility to add custom headers would be a solution. See https://www.dcache.org/manuals/workshop-2017-05-29-Umea/000-Final/anupam_macaroons_v02.pdf, page 9, for the specification.

However, I still think that it is a bug and it would be great if you could fix it.

[cyberduck]

@dkocher commented

We cannot easily fix this. Users have no idea of URI encoding and we should not expect them to escape the path set in the bookmark.