Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Url encoded characters get decoded #343

Open
nickdima opened this issue May 22, 2014 · 13 comments
Open

Url encoded characters get decoded #343

nickdima opened this issue May 22, 2014 · 13 comments

Comments

@nickdima
Copy link

I have a problem with iisnode on Azure which is that the url encoded entities when passed to my express app in node are already decoded and can cause problems with the routing.
It doesn't seem to happen for all characters, for example %20 remains encoded while %3D gets decoded.
@dotnetwise
Copy link

+1

@jsiler
Copy link

jsiler commented Feb 11, 2016

+1 Having same issue in Azure. I'm passing an encoded path in the URL and it is being decoded and not matching on the appropriate route.

@eugeneagafonov
Copy link

There was an older issue about that, I commented the problem there. Still found no solution to it:
URLEncoded route parameters are not respected #217

@eugeneagafonov
Copy link

For now I was able to promote UNENCODED_URL IIS rewrite module server variable to headers, and at least I have it in node app. I'm going to see where request url gets created and passed to nodejs app in iisnode source code

@eugeneagafonov eugeneagafonov mentioned this issue Mar 11, 2016
Open
@joaosa
Copy link

joaosa commented Apr 12, 2017

@eugeneagafonov Did you have any luck with this? :)

@BorisJanischevsky
Copy link

Hi I am experiencing the same problem. I am requesting something like /search/old%2F1 and node gets the request /search/old/1 . In my case I have this issue on Azure and a Windows 7 / IIS box. Any help greatly appreciated.

@eugeneagafonov
Copy link

Hi everyone,
I've made a pull request which can fix this issue on premises, however on Azure the url gets decoded before it reaches the node app for security reasons, so on Azure it is not possible to fix right now.

@joaosa @BorisJanischevsky you can follow the link to my pull request, and if you manually compile and build installers for iisnode, it will fix the issue:
#486 (comment)

It could be easier if you go to my fork and try VS2015 solution here:
https://github.com/eugeneagafonov/iisnode/tree/vs2015

BretJohnson added a commit to microsoft/code-push that referenced this issue Jun 11, 2017
@BretJohnson
Fix to handle app name specifications with slashes. The is the CLI ...
79b591c 
change to match the corresponding server change deployed
a couple days back.

Here are details of the issue:
// IIS and Azure web apps have this annoying behavior where %2F (URL encoded slashes) in the URL are URL decoded
// BEFORE the requests reach node. That essentially means there's no good way to encode a "/" in the app name--
// URL encodeing will work when running locally but when running on Azure it gets decoded before express sees it,
// so app names with slashes don't get routed properly. See tjanczuk/iisnode#343 (or other sites
// that complain about the same) for some more info. I explored some IIS config based workarounds, but the previous
// link seems to say they won't work, so I eventually gave up on that.
// Anyway, to workaround this issue, we now allow the client to encode / characters as ~~ (two tildes, URL encoded).
// The CLI now converts / to ~~ if / appears in an app name, before passing that as part of the URL. This code below
// does the encoding. It's hack, but seems like the least bad option here.
// Eventually, this service will go away & we'll all be on Max's new service. That's hosted in docker, no more IIS,
// so this issue should go away then.
@BretJohnson BretJohnson mentioned this issue Jun 11, 2017
Merged
BretJohnson added a commit to microsoft/code-push that referenced this issue Jun 12, 2017
@BretJohnson
Fix to handle app name specifications with slashes. The is the CLI ... (
eae70b7 
#471)

change to match the corresponding server change deployed
a couple days back.

Here are details of the issue:
// IIS and Azure web apps have this annoying behavior where %2F (URL encoded slashes) in the URL are URL decoded
// BEFORE the requests reach node. That essentially means there's no good way to encode a "/" in the app name--
// URL encodeing will work when running locally but when running on Azure it gets decoded before express sees it,
// so app names with slashes don't get routed properly. See tjanczuk/iisnode#343 (or other sites
// that complain about the same) for some more info. I explored some IIS config based workarounds, but the previous
// link seems to say they won't work, so I eventually gave up on that.
// Anyway, to workaround this issue, we now allow the client to encode / characters as ~~ (two tildes, URL encoded).
// The CLI now converts / to ~~ if / appears in an app name, before passing that as part of the URL. This code below
// does the encoding. It's hack, but seems like the least bad option here.
// Eventually, this service will go away & we'll all be on Max's new service. That's hosted in docker, no more IIS,
// so this issue should go away then.
@vzaidman
Copy link

vzaidman commented Nov 13, 2018
edited
Loading

are there any updates on that?
we need slashes on our url when it gets to node js.

@vzaidman
Copy link

vzaidman commented Nov 13, 2018
edited
Loading

a workaround i used is to decode the url again before it gets to the router of nodejs:

    const URI = require('urijs');

    const ensureEncoded = url => URI.encode(URI.decode(url));

    const urlInPathRegEx = /someUrlRegex(thePartExepectedToBeEncoded)/;

    server.use((req, res, next) => {
      const urlInPathMatch = req.path.match(urlInPathRegEx);
      if (urlInPathMatch) {
        const addressKey = urlInPathMatch[1];
        req.url = req.url.replace(addressKey, ensureEncoded(addressKey));
      }
      next();
    });

but i would strongly prefer to not hack like this...

@eugeneagafonov
Copy link

@vzaidman you can build and use the modified version. As far as I understand there are no plans to accept pull requests from this repo. You can try to mention this issue in azure iisnode repo

@amycai-arcadis
Copy link

Experiencing the same issue, any updates on this?

@Edgaras91
Copy link

Edgaras91 commented Jun 29, 2023
edited
Loading

for me, an Azure web app is not decoding "%3F" (?) in URL like this:
.../accounts%3FType=Business
resulting in 404
But is it working when hosted in IIS (but not local IIS for some reason)

We are running a Linux image in a Linux container.

Any solution? Else we can't migrate to Azure as other calling apps will break.

@eugeneagafonov
Copy link

eugeneagafonov commented Jun 29, 2023
edited
Loading

for me, an Azure web app is not decoding "%3F" (?) in URL like this: .../accounts%3FType=Business resulting in 404 But is it working when hosted in IIS (but not local IIS for some reason)

We are running a Linux image in a Linux container.

Any solution? Else we can't migrate to Azure as other calling apps will break.

No solution for Azure because this is handled before your app. This is considered as a security issue. Please follow this to check: #217 (comment)

One thing I suggest to try is a container app instead of web app (though It might be pretty much the same), or azure container instances, or any other hosting that might not have built-in load balancer. Probably AKS or Service Fabric.

If it's just one container and these options are too much overkill, try hosting this on a usual VM.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
9 participants
@dotnetwise @jsiler @nickdima @joaosa @eugeneagafonov @vzaidman @BorisJanischevsky @Edgaras91 @amycai-arcadis