Tomcat 8 is not able to handle get request with '|' in query parameters?

Question

I am using Tomcat 8. In one case I need to handle external request coming from external source where the request has a parameters where it is separated by |.

Answer 1

This behavior is introduced in all major Tomcat releases:

• Tomcat 7.0.73, 8.0.39, 8.5.7

To fix, do one of the following:

• set relaxedQueryChars to allow this character (recommended, see Lincoln's answer)
• set requestTargetAllow option (deprecated in Tomcat 8.5) (see Jérémie's answer).
• you can downgrade to one of older versions (not recommended - security)

---

Based on changelog, those changes could affect this behavior:

Tomcat 8.5.3:

Ensure that requests with HTTP method names that are not tokens (as required by RFC 7231) are rejected with a 400 response

Tomcat 8.5.7:

Add additional checks for valid characters to the HTTP request line parsing so invalid request lines are rejected sooner.

---

The best option (following the standard) - you want to encode your URL on client:

encodeURI("http://localhost:8080/app/handleResponse?msg=name|id|")
> http://localhost:8080/app/handleResponse?msg=name%7Cid%7C

or just query string:

encodeURIComponent("msg=name|id|")
> msg%3Dname%7Cid%7C

It will secure you from other problematic characters (list of invalid URI characters).