I have an URL with token having forward slashes like: https://blahblah/blahblahblah/blah=#server.com/something/somewhere/report/view/51234-5678-9101
Replacing / with %2F or _ doesn't work as it is changing token from the point of view of server. Is there any other way I could smuggle / in the URL?
URL encoding is the solution for this problem: https://unix.stackexchange.com/questions/159253/decoding-url-encoding-percent-encoding
Related
This the controller calls having path variable.
#RequestHapping(value="/circuit/getCircuitDetails/{circuitid:.+}", method =RequestMethod.GET, produces "application/json")
public ResponseEntity<ResponsePayLoad> getCircuitDetails (HttpServletRequest request, **#PathVariable (value = "circuitId" String circuitid**) throws Exception {
If I give path variable CircuitId as N1036596/N1036597 in postman url -> that is string containing forward slash
http://localhost:77/enggnar/circuit/getCircuitDetails/N1036596/N1036597
It is giving me error in postman.
Even by giving %2F and %5c in place of slash is also not working for me.
Please help me how to give the pathvariable containing forward slash.
Why is that / being included as part of the url? I get the url from request.url in my server side code. I am not typing a / in the browser
How to prevent a server from returning an error 400 code error when the URL contains % symbol using NGINX server?
Nginx configuration for my website:
....
rewrite ^/download/(.+)$ /download.php?id=$1 last;
....
When I tried to get access to this URL:
http://mywebsite.net/download/some-string-100%-for-example
I got this error:
400 Bad Request
With this url :
http://mywebsite.net/download/some-string-%25-for-example
it's work fine !
It's because it needs to be URL encoded first.
This will explain:
http://www.w3schools.com/tags/ref_urlencode.asp
URLs can only be sent over the Internet using the ASCII character-set.
Since URLs often contain characters outside the ASCII set, the URL has to be converted into a valid ASCII format.
URL encoding replaces unsafe ASCII characters with a "%" followed by two hexadecimal digits.
URLs cannot contain spaces. URL encoding normally replaces a space with a plus (+) sign or with %20.
The URL interpreter is confused to see a % without hexadecimals after it.
Why would you think of solving by changing Nginx configuration???
It's impossible to solve from the server side. It's a problem from the client side.
https://headteacherofgreenfield.wordpress.com/2016/03/23/100-celebrations/
In that URL, the title is 100% Celebrations! but the permalink is autogenerated to 100-celebrations. It's because they know putting 100% will cause a URL encode problem.
If even Wordpress doesn't do it your way, then why should you do it?
I am using the PHP HybridAuth library and integrating oauth2 support, all providers such as Yahoo, MSN and Facebook works, except Google, showing
The redirect URI in the request:
https://www.example.com/auth?action=callback&hauth.done=Google did not match a registered redirect URI.
My redirect url is : https://www.example.com/auth?action=callback&hauth.done=Google, I've added both urls to see if I can workaround for their non sense escape limitation, e.g.
https://www.example.com/auth?action=callback&hauth.done=Google
https://www.example.com/auth?action=callback&hauth.done=Google
Still no luck...Any idea?
just an assumption, try urlencode()'ing the url,
$url = "https://www.example.com/auth?action=callback" . urlencode("&hauth.done=Google");
You need use the PHP urlencode function.
urlencode — URL-encodes string
(PHP 4, PHP 5)
string urlencode ( string $str )
This function is convenient when encoding a string to be used in a query part of a URL, as a convenient way to pass variables to the next page.
Example:
$encoded_url = urlencode("https://www.example.com/auth?action=callback&hauth.done=Google");
More informations:
HTML URL Encoding Reference
http://www.w3schools.com/tags/ref_urlencode.asp
PHP urlencode
http://php.net/manual/en/function.urlencode.php
I have a DAV protocol that stores out-of-band data in the url anchor, e.g. the ghi in DELETE /abc.def#ghi. The server is a Flask application.
I can see the request come in on the wire via tcpdump, but when I look at the werkzeug Request object (such as url() or base_url()), all I get back is /abc.def. The #ghi has been stripped out.
Is there a method that returns this information, or do I have to subclass Request to handle this myself? If so, is there an example I can use as an inspiration?
I ran into the same problem. Facebook authentication API returns the access token behind a hash appended into the redirection url. In the same way, Flask's request.url drops everything in the URL behind the hash sign.
I'm also using Flask so I think you can use my brute-force workaround using Javascript's window.location.href to get the full URL. Then, I just extracted the piece that I needed (the access token), put it into a redirection URL where I can pass the access token as an argument to the receiving view function. Here's the code:
#app.route('/app_response/<response>', methods=['GET'])
def app_response_code(response):
return ''' <script type="text/javascript">
var token = window.location.href.split("access_token=")[1];
window.location = "/app_response_token/" + token;
</script> '''
#app.route('/app_response_token/<token>/', methods=['GET'])
def app_response_token(token):
return token
In case you manage(d) to do this within Werkzeug, I'm interested to know how.
From Wikipedia (Fragment Identifier) (don't have the time to find it in the RFC):
The fragment identifier functions differently than the rest of the URI: namely, its processing is exclusively client-side with no participation from the server
So Flask - or any other framework - doesn't have access to #ghi.
You can do this using flask.url_for with the _anchor keyword argument:
url_for('abc.def', _anchor='ghi')