Proxy replaces space encoded as %20 with +

[slaxor505]

Hi there,

I'm hosting Grafana behind this revproxy and it seems to be replacing %20 in the URL with "+" which causes 404 on Grafana API backend.

E.g:

curl http://admin:admin@localhost:8000/grafana/api/datasources/proxy/2/plant/detail/abelia%20dielsii/

Makes the following request to the upstream:

http://localhost:3000/api/datasources/proxy/2/plant/detail/abelia+dielsii/

Is it bug or is it configurable or is it something I'm missing?

Django log:

[2023-01-02 06:01:47 UTC] INFO views ProxyView created
[2023-01-02 06:01:47 UTC] DEBUG views Dispatch full path: /grafana/api/datasources/proxy/2/plant/detail/abelia%20dielsii/
[2023-01-02 06:01:47 UTC] DEBUG views Request headers: {'Content-Type': 'text/plain', 'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:108.0) Gecko/20100101 Firefox/108.0', 'Accept': 'application/json, text/plain, /', 'Accept-Language': 'en-US,en;q=0.5', 'Referer': 'http://localhost:8000/grafana/d/Vba7ZB44k/open-plantbook?orgId=1', 'X-Grafana-Org-Id': '1', 'Dnt': '1', 'Connection': 'keep-alive', 'Sec-Fetch-Dest': 'empty', 'Sec-Fetch-Mode': 'cors', 'Sec-Fetch-Site': 'same-origin', 'Sec-Gpc': '1', 'Pragma': 'no-cache', 'Cache-Control': 'no-cache'}
[2023-01-02 06:01:47 UTC] DEBUG views Request URL: http://localhost:3000/api/datasources/proxy/2/plant/detail/abelia+dielsii/

Thanks in advance!

Update:
I've taken look into source code and I see that:

def quote_plus(string, safe='', encoding=None, errors=None):
in parse.py

causes this. I don't think this is right behaviour as + is only accepted for application/x-www-form-urlencoded that uses + instead of %20 for spaces). I'd expect that the URL's path should be mapped 1-to-1 to backend call.

[slaxor505]

Looking further it seems that the revproxy uses "quote_plus()" from urllib while it may need to use "quote()" instead or at least for non-form requests. Changing the above works fine.

    def get_quoted_path(self, path):
        """Return quoted path to be used in proxied request"""
        return quote(path.encode('utf8'), QUOTE_SAFE)

The log after the fix:

django-log [2023-01-02 07:09:52 UTC] INFO views ProxyView created
django-log [2023-01-02 07:09:52 UTC] DEBUG views Dispatch full path: /grafana/api/datasources/proxy/2/plant/detail/abelia%20dielsii/
django-log [2023-01-02 07:09:52 UTC] DEBUG views Request headers: {'Content-Type': 'text/plain', 'Authorization': 'Basic YWRtaW46YWRtaW4=', 'User-Agent': 'curl/7.79.1', 'Accept': '/'}
django-log [2023-01-02 07:09:52 UTC] DEBUG views Request URL: http://localhost:3000/api/datasources/proxy/2/plant/detail/abelia dielsii/
django-log [2023-01-02 07:09:52 UTC] DEBUG connectionpool Starting new HTTP connection (1): localhost:3000
django-log [2023-01-02 07:09:52 UTC] DEBUG connectionpool http://localhost:3000 "GET /api/datasources/proxy/2/plant/detail/abelia%20dielsii/ HTTP/1.1" 200 409
django-log [2023-01-02 07:09:52 UTC] DEBUG views Proxy response header: HTTPHeaderDict({'Allow': 'GET, HEAD, OPTIONS', 'Content-Length': '409', 'Content-Security-Policy': 'sandbox', 'Content-Type': 'application/json', 'Date': 'Mon, 02 Jan 2023 07:09:52 GMT', 'Referrer-Policy': 'same-origin', 'Vary': 'Accept, Cookie, Origin', 'X-Content-Type-Options': 'nosniff', 'X-Frame-Options': 'deny', 'X-Xss-Protection': '1; mode=block'})
django-log [2023-01-02 07:09:52 UTC] DEBUG response Proxy response headers: HTTPHeaderDict({'Allow': 'GET, HEAD, OPTIONS', 'Content-Length': '409', 'Content-Security-Policy': 'sandbox', 'Content-Type': 'application/json', 'Date': 'Mon, 02 Jan 2023 07:09:52 GMT', 'Referrer-Policy': 'same-origin', 'Vary': 'Accept, Cookie, Origin', 'X-Content-Type-Options': 'nosniff', 'X-Frame-Options': 'deny', 'X-Xss-Protection': '1; mode=block'})
django-log [2023-01-02 07:09:52 UTC] DEBUG response Content-Type: application/json
django-log [2023-01-02 07:09:52 UTC] INFO response Normalizing response headers
django-log [2023-01-02 07:09:52 UTC] DEBUG utils Response headers: {'Content-Type': 'application/json', 'Allow': 'GET, HEAD, OPTIONS', 'Content-Length': '409', 'Content-Security-Policy': 'sandbox', 'Date': 'Mon, 02 Jan 2023 07:09:52 GMT', 'Referrer-Policy': 'same-origin', 'Vary': 'Accept, Cookie, Origin', 'X-Content-Type-Options': 'nosniff', 'X-Frame-Options': 'deny', 'X-Xss-Protection': '1; mode=block'}
django-log [2023-01-02 07:09:52 UTC] INFO response Checking for invalid cookies
django-log [2023-01-02 07:09:52 UTC] DEBUG response Response cookies:
django-log [2023-01-02 07:09:52 UTC] DEBUG views RESPONSE RETURNED: <HttpResponse status_code=200, "application/json">

[andruten]

Sorry for the late response. I've opened #191 which should fix this issue.

[andruten]

Hi @slaxor505 @qx, A new REVPROXY django settings dict has been in 0.13.0. You can see further details in the docs.