You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
[Short description of problem here]
If curl is done with http://example.com/a%2Fv (to imitate request from a web UI), Janus is sending a%%252Fv to the upstream server.
Reproduction Steps:
Set httpd configuration to allowedEncodedSlash as true and rewriterule with [P, NE]
Upstream is getting path as a%252Fv and rejecting the request.
Expected behavior:
URL should not be encoded with rewriterule as [P, NE] and Proxypass as nocanon.
[Describe expected behavior here]
In reverse_proxy.go, found some strange code which might be causing this issue. I could reproduce the issue in a simple golang code.
When we set path(a%2Fv) in the above line, and then call req.URL.RequestURI() it is giving escaped path(a%252Fv)
.
Observed behavior:
Sample output with the golang program:
Program Snippet:
func main() {
// Get the full request URI
req, _ := http.NewRequest("GET", "http://example.com/a%2Fv", nil)
requestURI := req.URL.RequestURI()
// Print the request URI
fmt.Println("Request URI: \n", requestURI)
req.URL.Path = "a%2Fv"
fmt.Println("After URI: \n", req.URL.RequestURI())
}
O/p:
Request URI:
/a%2Fv
After URI:
a%252Fv
Janus version: [Enter Atom version here] OS and version: [Enter OS name and version here]
The text was updated successfully, but these errors were encountered:
[Short description of problem here]
If curl is done with http://example.com/a%2Fv (to imitate request from a web UI), Janus is sending a%%252Fv to the upstream server.
Reproduction Steps:
Expected behavior:
URL should not be encoded with rewriterule as [P, NE] and Proxypass as nocanon.
[Describe expected behavior here]
In reverse_proxy.go, found some strange code which might be causing this issue. I could reproduce the issue in a simple golang code.
When we set path(a%2Fv) in the above line, and then call req.URL.RequestURI() it is giving escaped path(a%252Fv)
.
Observed behavior:
Sample output with the golang program:
Program Snippet:
func main() {
// Get the full request URI
req, _ := http.NewRequest("GET", "http://example.com/a%2Fv", nil)
requestURI := req.URL.RequestURI()
}
O/p:
Request URI:
/a%2Fv
After URI:
a%252Fv
Janus version: [Enter Atom version here]
OS and version: [Enter OS name and version here]
The text was updated successfully, but these errors were encountered: