-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HPE_INVALID_URL with non-urlencoded args #12073
Comments
Yes, I have read https://tools.ietf.org/html/rfc3986#section-2 but other tools work with these characters correctly by passing them further (for example, |
I think by default we compile http1 parser in HTTP_PARSER_STRICT mode, which limits URL characters to US_ASCII if I read the code correctly. This isn't something configuration controlled, you need to rebuild envoy to allow UTF characters in URLs. I have no sense for how important handling of such URLs is. I'll let others chime in. |
I've asked for opinions from the maintainer and nobody had any. I think the best way for to proceed is to actually implement the feature if you have dev experience. Otherwise I do not think it will gain any traction at this point. |
Hello. We have a problem with non-urlencoded args too. Did anyone try to resolve this issue? |
Hi, we're having issues with this too, doing some reasearch it would seem that a lot of utilities, languages or frameworks support utf-8 characters in URLs, including Go, Nginx and more. Rejecting utf-8 characters in urls could be troublesome. Maybe envoy could compile http_parser in non-strict mode and do validations inside envoy so that they can be configurable? I don't know how this stands in regards to #15814 which is changing the parser to llhttp Edit: also maybe related to #13358 ? |
Hi, we have this issue as well. Did anyone resolve this issue or find bypass of this issue? 3-byte wide UTF-8 character in query params works fine with Envoy on Chrome browser and IE11 with https protocol but we have 400 error when we use IE11 with http protocol. |
I have an envoy as a http1.1 proxy with default config and when I try to access some non-unicode nonencoded params in uri - I have error 400 with HPE_INVALID_URL in debug log without any information.
normalize_path
is off by default and there is not a path - it is query string, so this behaviour looks strange.Repro steps:
Request:
curl 'http://localhost:12701/test?arg=Юникодные символы'
Expect: Correct proxy pass to backend
Answer: 400 Bad Request
The text was updated successfully, but these errors were encountered: