ArgumentError: invalid %-encoding on invalid post data #520

knusul opened this Issue Feb 18, 2013 · 1 comment


None yet

2 participants

knusul commented Feb 18, 2013

When you send a post with data which will be invalid percent-encoded string(e.g. 'curl --data 'param1=value1%' localhost:3000' ) rack will brake with message:
Rack app error: #<ArgumentError: invalid %-encoding (value1%)>, but should respond with 400(or strip invalid chars?)
This is reproducible with rack 1.4.5, webrick, puma, unicorn, apache+modrails.

ref: #337

raggi commented Apr 22, 2013

Please see my comment on the thread you mentioned:

Puma, Thin, Webrick, Unicorn all return a 400 Bad Request before this hits Rack.

The SPEC says that PATH_INFO may be percent encoded, but it is expected to be valid. This may not be 100% clear in the spec at this time.

If an invalid PATH_INFO hits rack, then 500 is the correct response, as this is a server error, that has been caused by an invalid request.

Rack does not create response tuples for you in these cases. When you call Rack helpers, you should handle any exceptions raised from them in the manner that you want.

When servers allow through invalid data in segments that should be validated, this is a server error.

Here's a working

class App
  def call env
    [200, {'Content-Type' => 'text/plain'}, ["hello world"]]


And the resultant response:

% curl --data 'param1=value1%' http://localhost:9292/
hello world
@raggi raggi closed this Apr 22, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment