on 06-05-2017 6:28 PM
We have a controller GET mapping like /myurl/{userid}
The userid is sent as an encoded value and that encoded value has a forward slash in it ("/"). Having a slash in the url causes a 404 error because it reads the "/" as a path divider. We've updated the sender to encode the slash as %2F, but we still get a 404 not found and it appears to be decoding the "/" before mapping. An example of the final url is https://mysiteurl.com/myurl/abc%2Fdef but it ends up being treated as https://mysiteurl.com/myurl/abc/def.
I've looked at the documentation for XSS filter but don't see anything about /, so does anyone else have any suggestions/pointers to allow the embedded encoded slash to pass through?
There is no standard solution for this. You can do either of the following few possible hacks:
Ask sender to replace the / with some other agreed character like '-' and you replace the same at your end, or
You could change the RequestMapping to @RequestMapping(value = "/myurl/**", method = RequestMethod.GET) and then parse the path variables manually from the request object.
Instead of escaping "/" characters with %2F, try to escape them with %252F. After that, in your request handler method Java code, you may need to unescape it, using something like URLDecoder.decode(serviceKey, "UTF-8")
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
7 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.