java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986

Question

java.lang.IllegalArgumentException: 
Invalid character found in the request target. 
The valid characters are defined in RFC 7230 and RFC 3986

This

Answer 1

I encountered the same error when sending location of a file in a AJAX GET request.

Error:

java.lang.IllegalArgumentException: 
Invalid character found in the request target. 
The valid characters are defined in RFC 7230 and RFC 3986

Since the location had characters which are not recognized. I.e. "C:///" etc, the error was thrown.

The use of encodeURIComponent helped me fix the issue since it encodes the component.

When you pass the Chinese characters make sure you add those inside "encodeURIComponent" method. In my case:

 $.ajax({
        type: "GET",
        url: 'removeFile?removeFileName=' + encodeURIComponent("C:///YO/Ed/PO/")
        data: {},
        dataType: 'json',

Answer 2

There is no way to fix this in Tomcat. The requests are not specification compliant so Tomcat will not permit them. There is a long history of security issues around different components in a system reacting differently to such URLs. Usually in the form of header and/or request injection. As a result, Tomcat's URL parsing has been tightened up and it is extremely unlikely it will be relaxed.

httpd is heading in the same direction for the same reasons.

The best long term option is to point out to the clients that the requests they are sending are not specification compliant and that they need to fix them (by using appropriate %nn encoding). On the Tomcat side, make sure Tomcat is using UTF-8. That is the default on newer versions. You might need to explicitly set it on older releases.

Answer 3

It looks like Tomcat, out of the box, will not allow these characters, as you've seen, taking a glance at this question seems to imply you can change this behavior editing your catalina.properties and defining the requestTargetAllow parameter, like the following:

tomcat.util.http.parser.HttpParser.requestTargetAllow=|{}

Unfortunately, it looks like this is just a long list of characters you want to allow, so if you want all chinese characters to be there, you're going to have a pretty long list, per Wikpedia:

In China, which uses simplified Chinese characters, the Xiàndài Hànyǔ Chángyòng Zìbiǎo (现代汉语常用字表, Chart of Common Characters of Modern Chinese) lists 2,500 common characters and 1,000 less-than-common characters, while the Xiàndài Hànyǔ Tōngyòng Zìbiǎo (现代汉语通用字表, Chart of Generally Utilized Characters of Modern Chinese) lists 7,000 characters, including the 3,500 characters already listed above.