Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Do server variables allow unencoded slashes?

See original GitHub issue

This is somewhat related to #2204 and https://github.com/OAI/OpenAPI-Specification/pull/2218. It’s been clarified that path parameters don’t allow unescaped slashes, but what about server variables?

Consider this example:

servers:
  - url: "https://example.com/{subpath}reports/"
    variables:
      subpath:
        default: ''
        enum:
          - ''
          - 'abc/123/'
          - 'abc/456/'

Are these valid values for a server variable? If yes - what is the resulting server URL for subpath=abc/123/? –

https://example.com/abc/123/reports/
 or
https://example.com/abc%2F123%2Freports/

In other words, is the example above a proper way to vary subpaths using server variables, or should this example be rewritten as follows? –

servers:
  - url: "https://api.example.com/reports/"
  - url: "https://api.example.com/abc/{id}/reports/"
    variables:
      id:
        default: ''
        enum:
          - '123'
          - '456'

Issue Analytics

State:
Created 3 years ago
Comments:8 (5 by maintainers)

Top GitHub Comments

2reactions

darrelmillercommented, Feb 11, 2021

@awwright By the tooling providing the parameter value. The reference you quoted in RFC3986 is a good one and might warrant us adding words that indicate a server variable should not be treated as a “data octet” but as a literal portion of the URL.

1reaction

darrelmillercommented, Feb 4, 2021

The limitation on path templates is to prevent ambiguous resolution of operations. e.g.

/reports/foo/bar
/reports/{someparam}    where someparam = foo/bar

In the case of server variables mapping to a different server URI does not have significant consequences. However preventing a a forward slash in a server variable would prevent multi-segment variable values. e.g.

/{tenantName}/mysaasresource

/cocacola/us/mysaasresource
/cocacola/uk/mysaasresource

If forward slashes are not intended to create path segments in the URL then the need to be a percent encoded.

Nobody raised an objection to this in the TSC call because Marsh was missing 😃 Hence the current wording of the spec is sufficient.

Top Results From Across the Web

Why is it a security risk to allow encoded slashes in a URI?

To clarify: Apache does not allow encoded slashes in the path, but they are allowed in the query string. The query string is...

Url Encoded Slashes(%2F) in Apache - Bobcares

Turning on this directive tells the web server to allow encoded slashes in URLs. 2.Replace %2F with %252F and %5C with %255C after...

core - Apache HTTP Server Version 2.4

The AllowEncodedSlashes directive allows URLs which contain encoded path ... The variable can be used in the configuration using the ${VAR} syntax.

URL encoding slash character ('/') and Apache web servers

Hi, I'm facing a problem with IIIF Image API 1.1 (it should be the same with API 2.0 though). I'm using : -...

Preserve encoded slashes in URL - WimpyProgrammer

Encoding in a basic PHP application ... A basic PHP-on-IIS application handles encoded characters well. Let's review the output of phpinfo() .

Troubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.

Start Free

Top Related Reddit Thread

No results found

Top Related Tweet

No results found

Top Related Dev.to Post

No results found

Do server variables allow unencoded slashes?

Issue Analytics

Top GitHub Comments

Top Results From Across the Web

Top Related Medium Post

Top Related StackOverflow Question

Troubleshoot Live Code

Top Related Reddit Thread

Top Related Hackernoon Post

Top Related Tweet

Top Related Dev.to Post

Top Related Hashnode Post

Community (TDC) Meeting Agenda backlog

security scheme apiKey in body form data parameter