Tomcat 8 无法使用“|"处理获取请求在查询参数中? [英] Tomcat 8 is not able to handle get request with '|' in query parameters?
问题描述
我使用的是 Tomcat 8.在一种情况下,我需要处理来自外部源的外部请求,其中请求有一个参数,用 | 分隔.
I am using Tomcat 8. In one case I need to handle external request coming from external source where the request has a parameters where it is separated by |.
请求看起来像这样:
http://localhost:8080/app/handleResponse?msg=name|id|
在这种情况下,我收到以下错误.
In this case I am getting following error.
java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986
at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:467)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:667)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:789)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:745)
编辑 1
它适用于 Apache Tomcat 8.0.30 但不适用于 Tomcat 8.5
It works with Apache Tomcat 8.0.30 but not with Tomcat 8.5
推荐答案
所有主要 Tomcat 版本中都引入了此行为:
This behavior is introduced in all major Tomcat releases:
- Tomcat 7.0.73、8.0.39、8.5.7
要修复,请执行以下操作之一:
To fix, do one of the following:
- 设置
relaxedQueryChars允许这个字符(推荐,参见林肯的回答) - 设置
requestTargetAllow选项(在 Tomcat 8.5 中已弃用)(参见 Jérémie 的回答). - 您可以降级到旧版本之一(不推荐 - 安全)
- set
relaxedQueryCharsto allow this character (recommended, see Lincoln's answer) - set
requestTargetAllowoption (deprecated in Tomcat 8.5) (see Jérémie's answer). - you can downgrade to one of older versions (not recommended - security)
根据 changelog,这些更改可能会影响此行为:
Based on changelog, those changes could affect this behavior:
Tomcat 8.5.3:
Tomcat 8.5.3:
确保 HTTP 方法名称不是令牌的请求(按照 RFC 7231 的要求)被拒绝并返回 400 响应
Ensure that requests with HTTP method names that are not tokens (as required by RFC 7231) are rejected with a 400 response
Tomcat 8.5.7:
Tomcat 8.5.7:
在 HTTP 请求行解析中添加对有效字符的额外检查,以便更快地拒绝无效请求行.
Add additional checks for valid characters to the HTTP request line parsing so invalid request lines are rejected sooner.
<小时>
最佳选择(遵循标准) - 您想在客户端对 URL 进行编码:
The best option (following the standard) - you want to encode your URL on client:
encodeURI("http://localhost:8080/app/handleResponse?msg=name|id|")
> http://localhost:8080/app/handleResponse?msg=name%7Cid%7C
或者只是查询字符串:
encodeURIComponent("msg=name|id|")
> msg%3Dname%7Cid%7C
它将保护您免受其他有问题的字符的影响(无效 URI 字符列表).
It will secure you from other problematic characters (list of invalid URI characters).
这篇关于Tomcat 8 无法使用“|"处理获取请求在查询参数中?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
