Login/Register
Netflix Zuul query string encoding
Asked Answered
netflix-zuul
C

3

6

When sending a request via Zuul to a client, Zuul seems to change the query String. More specifically, if the client should receive an url-encoded query String, Zuul decodes the query String once. Here is a concrete example:

If "http://localhost:8080/demo/demo?a=http%3A%2F%2Fsomething/" is sent to the client, the client receives as a query String "a=http://something/".

Looking into Zuul`s code, the function "buildZuulRequestQueryParams" uses "HTTPRequestUtils.getInstance().getQueryParams();" which decodes the query String.

Is this a desired feature or a bug?

Choreograph answered 7/4, 2016 at 12:13 Comment(0)
M
9

Zuul actually offers a flag to disable this behavior.

8.9 Query String Encoding When processing the incoming request, query params are decoded so that they can be available for possible modifications in Zuul filters. They are then re-encoded the backend request is rebuilt in the route filters. The result can be different than the original input if (for example) it was encoded with Javascript’s encodeURIComponent() method. While this causes no issues in most cases, some web servers can be picky with the encoding of complex query string.

To force the original encoding of the query string, it is possible to pass a special flag to ZuulProperties so that the query string is taken as is with the HttpServletRequest::getQueryString method, as shown in the following example:

application.yml. 

 zuul:
  forceOriginalQueryStringEncoding: true

[Note] This special flag works only with SimpleHostRoutingFilter. Also, you loose the ability to easily override query parameters with RequestContext.getCurrentContext().setRequestQueryParams(someOverriddenParameters), because the query string is now fetched directly on the original HttpServletRequest.

8. Router and Filter: Zuul

Magician answered 14/3, 2018 at 3:45 Comment(1)
Why would they have this flag set to 'false' by default? Uh..Snarl
C
0

I was facing the same issue yesterday. I think it's related to this pull request. A faster way to solve this issue (without wait for PR get merged) is rewrite the classes in your own project using the same package and class name to override the framework class.

Cattish answered 19/4, 2016 at 18:35 Comment(0)
O
0

I ran into the same issue recently. Submitted a PR to Netflix/Zuul. Basically adding the same ability that's currently available on spring cloud gateway to Netflix. Hoping it'll get addressed soon.

If accepted, you could pretty much add a config to keep the original uri encoding

zuul.keepOriginalQueryStringEncoding=true
Overalls answered 28/3, 2019 at 14:1 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.