A potentially dangerous Request.Path value was detected from the client (*)

执笔经年 2020-11-22 12:18

I am receiving the rather self-explanatory error:

A potentially dangerous Request.Path value was detected from the client (*).

T

8 Answers
  • 2020-11-22 12:32

    You should encode the route value and then (if required) decode the value before searching.

  • 2020-11-22 12:33

    If you're using .NET 4.0 you should be able to allow these URLs via the web.config

    <system.web>
        <httpRuntime 
                requestPathInvalidCharacters="&lt;,&gt;,%,&amp;,:,\,?" />
    </system.web>
    

    Note, I've just removed the asterisk (*), the original default string is:

    <httpRuntime 
              requestPathInvalidCharacters="&lt;,&gt;,*,%,&amp;,:,\,?" />
    

    See this question for more details.

  • 2020-11-22 12:41

    For me, I am working on .NET 4.5.2 with Web API 2.0 and I had the same error. I fixed it just by adding requestPathInvalidCharacters="". In requestPathInvalidCharacters you have to set the characters that are not allowed, or else you have to remove the characters that cause this problem.

    <system.web>
      <httpRuntime targetFramework="4.5.2" requestPathInvalidCharacters="" />
      <pages>
        <namespaces>
          ....
        </namespaces>
      </pages>
    </system.web>
    

    Note that it is not a good practice; maybe a POST with this parameter as an attribute of an object is better, or try to encode the special character. After searching for best practices for designing REST APIs, I found that in search, sort and pagination, we have to handle the query parameter like this:

    /companies?search=Digital%26Mckinsey
    

    and this solves the problem when we encode & and replace it in the URL with %26. Anyway, on the server we receive the correct parameter Digital&Mckinsey.

    This link may help with best practices for designing a REST web API: https://hackernoon.com/restful-api-designing-guidelines-the-best-practices-60e1d954e7c9

  • 2020-11-22 12:41

    This exception occurred in my application and was rather misleading.

    It was thrown when I was calling an .aspx page Web Method using an ajax method call, passing a JSON array object. The Web Page method signature contained an array of a strongly-typed .NET object, OrderDetails. The Actual_Qty property was defined as an int, and the JSON object Actual_Qty property contained "4 " (extra space character). After removing the extra space, the conversion was made possible, the Web Page method was successfully reached by the ajax call.

  • 2020-11-22 12:48

    For me, when typing the url, a user accidentally used a / instead of a ? to start the query parameters

    e.g.:

    url.com/endpoint/parameter=SomeValue&otherparameter=Another+value

    which should have been:

    url.com/endpoint?parameter=SomeValue&otherparameter=Another+value

  • 2020-11-22 12:53

    The * character is not allowed in the path of the URL, but there is no problem using it in the query string:

    http://localhost:3286/Search/?q=test*
    

    It's not an encoding issue, the * character has no special meaning in a URL, so it doesn't matter if you URL encode it or not. You would need to encode it using a different scheme, and then decode it.

    For example using an arbitrary character as escape character:

    query = query.Replace("x", "xxx").Replace("y", "xxy").Replace("*", "xyy");
    

    And decoding:

    query = query.Replace("xyy", "*").Replace("xxy", "y").Replace("xxx", "x");
    
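Several answers above suggest encoding the route value instead of relaxing requestPathInvalidCharacters. The following is an added example, not code from any of the answers: it generalizes the last answer's escape-character idea to an allowlist, so the encoded segment passes the default character list quoted above. The class name `PathSegmentCodec`, the `~HH` escape format and the sample terms are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
// Added example, not the answerers' code. PathSegmentCodec is a hypothetical name.
public static class PathSegmentCodec
{
    // Default requestPathInvalidCharacters list quoted in the answers above.
    private const string DefaultInvalid = "<>*%&:\\?";
    // Allowlist: only these pass through; every other UTF-8 byte becomes ~HH.
    private static bool IsSafe(char c) =>
        (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
        (c >= '0' && c <= '9') || c == '-' || c == '_';
    public static string Encode(string value)
    {
        var sb = new StringBuilder();
        foreach (byte b in Encoding.UTF8.GetBytes(value))
            if (IsSafe((char)b)) sb.Append((char)b);
            else sb.Append('~').Append(b.ToString("X2"));
        return sb.ToString();
    }

    public static string Decode(string segment)
    {
        var bytes = new List<byte>();
        for (int i = 0; i < segment.Length; i++)
        {
            char c = segment[i];
            if (IsSafe(c)) { bytes.Add((byte)c); continue; }
            // Reject anything that is not a well-formed ~HH escape.
            if (c != '~' || i + 2 >= segment.Length ||
                !Uri.IsHexDigit(segment[i + 1]) || !Uri.IsHexDigit(segment[i + 2]))
                throw new FormatException("Malformed path segment at index " + i);
            bytes.Add((byte)(Uri.FromHex(segment[i + 1]) * 16 + Uri.FromHex(segment[i + 2])));
            i += 2;
        }
        // throwOnInvalidBytes: true, so invalid UTF-8 is rejected, not replaced.
        return new UTF8Encoding(false, true).GetString(bytes.ToArray());
    }
    public static void Main()
    {
        foreach (var term in new[] { "test*", "Digital&Mckinsey", "a/b?c:d" }) // constructed samples
        {
            string seg = Encode(term);
            bool clean = seg.All(ch => DefaultInvalid.IndexOf(ch) < 0);
            Console.WriteLine($"{term} -> {seg} clean={clean} roundtrip={Decode(seg) == term}");
        }
    }
}
```

The server decodes the route value before searching and treats a `FormatException` from `Decode` as a bad request; request validation itself stays at its default setting.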