Skip to content

CookieRequestCache handles URL encoded query parameters incorrectly  #9203

New issue
New issue
Closed
Closed
CookieRequestCache handles URL encoded query parameters incorrectly #9203
Assignees
eleftherias
Labels
in: webAn issue in web modules (web, webmvc)status: backportedAn issue that has been backported to maintenance branchestype: bugA general bug
Milestone
5.5.0-M2
@mengelbrecht

Description

@mengelbrecht
mengelbrecht
opened on Nov 13, 2020

Describe the bug
CookieRequestCache is used to save a request which contains an URL encoded query parameter. After restoring the saved request the request contains two values for this query parameter, the URL encoded and decoded form. If HttpSessionRequestCache is used, the query parameter is only present once, in decoded form.

Tested with Spring-Security 5.4.1.

To Reproduce

  1. Run the sample project
  2. Visit the url: http://localhost:8080/?goto=https%3A%2F%2Fstart.spring.io
  3. The output is: https://start.spring.io,https%3A%2F%2Fstart.spring.io

Optional steps to see the difference to HttpSessionRequestCache:
4. Change the used RequestCache in RequestCacheConfiguration to HttpSessionRequestCache (in the sample project)
5. Visit the url from step 2
6. The output is: https://start.spring.io

Expected behavior
The query parameter should only be present in decoded form. Therefore the output in step 3 should be https://start.spring.io.

Sample
demo.zip

Metadata

Metadata

Assignees

Labels

in: webAn issue in web modules (web, webmvc)status: backportedAn issue that has been backported to maintenance branchestype: bugA general bug

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions