Do server variables allow unencoded slashes?
See original GitHub issueThis is somewhat related to #2204 and https://github.com/OAI/OpenAPI-Specification/pull/2218. It’s been clarified that path parameters don’t allow unescaped slashes, but what about server variables?
Consider this example:
servers:
- url: "https://example.com/{subpath}reports/"
variables:
subpath:
default: ''
enum:
- ''
- 'abc/123/'
- 'abc/456/'
Are these valid values for a server variable?
If yes - what is the resulting server URL for subpath
=abc/123/
? –
https://example.com/abc/123/reports/
or
https://example.com/abc%2F123%2Freports/
In other words, is the example above a proper way to vary subpaths using server variables, or should this example be rewritten as follows? –
servers:
- url: "https://api.example.com/reports/"
- url: "https://api.example.com/abc/{id}/reports/"
variables:
id:
default: ''
enum:
- '123'
- '456'
Issue Analytics
- State:
- Created 3 years ago
- Comments:8 (5 by maintainers)
Top Results From Across the Web
Why is it a security risk to allow encoded slashes in a URI?
To clarify: Apache does not allow encoded slashes in the path, but they are allowed in the query string. The query string is...
Read more >Url Encoded Slashes(%2F) in Apache - Bobcares
Turning on this directive tells the web server to allow encoded slashes in URLs. 2.Replace %2F with %252F and %5C with %255C after...
Read more >core - Apache HTTP Server Version 2.4
The AllowEncodedSlashes directive allows URLs which contain encoded path ... The variable can be used in the configuration using the ${VAR} syntax.
Read more >URL encoding slash character ('/') and Apache web servers
Hi, I'm facing a problem with IIIF Image API 1.1 (it should be the same with API 2.0 though). I'm using : -...
Read more >Preserve encoded slashes in URL - WimpyProgrammer
Encoding in a basic PHP application ... A basic PHP-on-IIS application handles encoded characters well. Let's review the output of phpinfo() .
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
@awwright By the tooling providing the parameter value. The reference you quoted in RFC3986 is a good one and might warrant us adding words that indicate a server variable should not be treated as a “data octet” but as a literal portion of the URL.
The limitation on path templates is to prevent ambiguous resolution of operations. e.g.
In the case of server variables mapping to a different server URI does not have significant consequences. However preventing a a forward slash in a server variable would prevent multi-segment variable values. e.g.
If forward slashes are not intended to create path segments in the URL then the need to be a percent encoded.
Nobody raised an objection to this in the TSC call because Marsh was missing 😃 Hence the current wording of the spec is sufficient.