Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Double url-encoding of query string with ALB

See original GitHub issue

I’ve found that if I send a get request to FastAPI like GET eg.com/something?name=John+Smith then the database query generated uses literally John+Smith. Same situation using %20.

It seems that Mangum is doing a second round of url-encoding on the query strings, so when FastAPI (or whatever might sit in the middle) decodes the query string it gets the once-encoded version back.

I’m working with an Application Load Balancer.

I’m not 100% sure what the correct behaviour should be, or whether the URL encoding behaviour should be different between API gateway and ALB.

I’ll create a pull request with a failing test for this in a moment.

Some references:

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/lambda-functions.html “If the query parameters are URL-encoded, the load balancer does not decode them. You must decode them in your Lambda function.”

with ALB source, serverless-wsgi decodes and then encodes the query strings before passing off to WSGI: https://github.com/logandk/serverless-wsgi/blob/f8d5a92f63901ed25d1a09ae19fcaa791e22436f/serverless_wsgi.py#L82-L93

Related issues from serverless-express https://github.com/vendia/serverless-express/issues/241 https://github.com/vendia/serverless-express/issues/219

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Reactions:1
  • Comments:10 (10 by maintainers)

github_iconTop GitHub Comments

1reaction
nathanglovercommented, Apr 22, 2021

@jordaneremieff I think this can be closed now? Since you merged #184

1reaction
jurasofishcommented, Apr 18, 2021

Yeah #155 looks pretty good. From reading it, looks like it:

  • performed double encoding of query params (bug)
  • handled returning multi value headers and multi value query strings correctly (including detecting whether multi-value headers are enabled from the ALB input)
  • tested the multi value query string/headers stuff well.
Read more comments on GitHub >

github_iconTop Results From Across the Web

URL encoding affecting Marketing Channel Processing Rule
The Marketing Channel Processing System does not decode the query string parameters in the URL. It assumes that the intended value is encoded ......
Read more >
Using Double URL Encoding to Bypass Security Mechanisms ...
In this video we answer the question 'what is double encoding'. We then use double URL encoding to bypass the security mechanims on...
Read more >
apache 2.4 - double encode already encoded query string in ...
I am trying to find out how to double encode only the query string part of the URL using mod_rewrite in Apache webserver...
Read more >
urlencode - Manual - PHP
This function is convenient when encoding a string to be used in a query part of a URL, as a convenient way to...
Read more >
Using Query Parameters (AWS Signature Version 4)
Authenticate requests using the query parameters to express a request ... Each URI encoded byte is formed by a '%' and the two-digit ......
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Mangum: 0.12.0 tests folder in pip

Next page

issue in reading .woff/.ttf/.woff2 (font extension) files