Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Provide the un-%-decoded path
See original GitHub issueAs far as I can tell, ASGI follows the precedent set by WSGI in providing only a %-decoded string representation of the path. I believe this is a mistake. In particular, %2F is not a path separator by the URI RFC, but an application can’t tell it apart from /.
I suggest either providing a raw_path byte string, or deserializing the path properly and passing it as a list.
Issue Analytics
- State:
- Created 5 years ago
- Reactions:1
- Comments:17 (11 by maintainers)
Top Results From Across the Web
Use undecoded path for request mapping in WebFlux [SPR ...
In WebFlux the URL path will not be decoded for request mapping purposes. Patterns can still be expressed in undecoded form but will...
Read more >Java Reading Undecoded URL from Servlet - Stack Overflow
I have servlet mapped on, say /servletPath/* after that I can put whatever I want and get my servlet responding depending on the...
Read more >2225 (location-matching on undecoded paths) - nginx
Dear devs,. is there a way to configure nginx to location-match on undecoded URLs? Ideally matching on "only semantically" decoded URLs ...
Read more >Path in rocket::http::uri - Rust
Returns the raw, undecoded path value as an &str . ... The caller must ensure that the returned pointer is never written to....
Read more >URL Decode and Encode - Online
Decode from URL-encoded format or encode into it with various advanced options. Our site has an easy to use online tool to convert...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
I see the issue with downstream proxies since the website developers have no influence over these, but at least with reverse-proxies one could name the ones that do violate the RFC in this way in the documentation for such a
raw_pathstring or alternative interface.Right now ASGI is in the unfortunate position of throwing away information because servers further up the HTTP hot potato game would break assumptions made by devs about the validity of this information. This is very painful if a developer has confirmed their assumptions in the deployment they run, and determined that ASGI is the only place this information is being discarded.
An optional
raw_pathwas added to the spec here: https://github.com/django/asgiref/pull/92@andrewgodwin can you lock this? I don’t think there’s any more to be said here. If something new comes up, it can be discussed as a new issue.