发表新帖
发表新帖

Tomcat 8 is not able to handle get request with '|' in query parameters?

前端 未结
关注
7 510
半阙折子戏
半阙折子戏 2020-11-27 04:19

I am using Tomcat 8. In one case I need to handle external request coming from external source where the request has a parameters where it is separated by |.

相关标签:
7条回答
  • 佛祖请我去吃肉
    2020-11-27 04:30

    Issue: Tomcat (7.0.88) is throwing below exception which leads to 400 – Bad Request.

    java.lang.IllegalArgumentException: Invalid character found in the request target. 
The valid characters are defined in RFC 7230 and RFC 3986.

    This issue is occurring most of the tomcat versions from 7.0.88 onwards.

    Solution: (Suggested by Apache team):

    Tomcat increased their security and no longer allows raw square brackets in the query string. In the request we have [,] (Square brackets) so the request is not processed by the server.

    Add relaxedQueryChars attribute under tag under server.xml (%TOMCAT_HOME%/conf):

    <Connector port="80" 
           protocol="HTTP/1.1"
           maxThreads="150"
           connectionTimeout="20000"
           redirectPort="443"
           compression="on"
           compressionMinSize="2048"
           noCompressionUserAgents="gozilla, traviata"
           compressableMimeType="text/html,text/xml"
                                     relaxedQueryChars="[,]"
             />

    If application needs more special characters that are not supported by tomcat by default, then add those special characters in relaxedQueryChars attribute, comma-separated as above.

    0 讨论(0)
  • 执念已碎
    2020-11-27 04:30

    Adding "relaxedQueryChars" attribute to the server.xml worked for me :

    <Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="443" URIEncoding="UTF-8" relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"/>
    0 讨论(0)
  • 南笙
    2020-11-27 04:35

    Since Tomcat 7.0.76, 8.0.42, 8.5.12 you can define property requestTargetAllow to allow forbiden characters.

    Add this line in your catalina.properties 

    tomcat.util.http.parser.HttpParser.requestTargetAllow=|{}
    0 讨论(0)
  • 我在风中等你
    2020-11-27 04:35

    The URI is encoded as UTF-8, but Tomcat is decoding them as ISO-8859-1. You need to edit the connector settings in the server.xml and add the URIEncoding="UTF-8" attribute.

    or edit this parameter on your application.properties

    server.tomcat.uri-encoding=utf-8

    0 讨论(0)
  • 轻奢々
    2020-11-27 04:36

    The parameter tomcat.util.http.parser.HttpParser.requestTargetAllow is deprecated since Tomcat 8.5: tomcat official doc.

    You can use relaxedQueryChars / relaxedPathChars in the connectors definition to allow these chars: tomcat official doc.

    0 讨论(0)
  • 遇见更好的自我
    2020-11-27 04:39

    Escape it. The pipe symbol is one that has been handled differently over time and between browsers. For instance, Chrome and Firefox convert a URL with pipe differently when copy/paste them. However, the most compatible, and necessary with Tomcat 8.5 it seems, is to escape it:

    http://localhost:8080/app/handleResponse?msg=name%7Cid%7C

    0 讨论(0)
 看不清?
提交回复
热议问题