java.lang.IllegalArgumentException: 在请求目标中发现无效字符.有效字符在 RFC 7230 和 RFC 3986 中定义 [英] java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986

问题描述

java.lang.IllegalArgumentException: 
Invalid character found in the request target. 
The valid characters are defined in RFC 7230 and RFC 3986

这个异常是在Get URLs中传入中文引起的.如何在 tomcat 中解决此问题?

This exception is caused by passing Chinese words in Get URLs. How can I resolve this issue in tomcat ?

我们不想降低Tomcat版本并要求我们的客户对参数进行编码.

We don't want to reduce the Tomcat version and ask our customer to encode the parameters.

有没有办法通过更改 tomcat 中的配置来解决这个问题?

Is there a way to fix this issue by changing configurations in tomcat ?

推荐答案

在 Tomcat 中没有办法解决这个问题.这些请求不符合规范，因此 Tomcat 不会允许它们.围绕系统中不同组件对此类 URL 的不同反应的安全问题由来已久.通常采用标头和/或请求注入的形式.因此，Tomcat的URL解析已经收紧，放松的可能性极小.

There is no way to fix this in Tomcat. The requests are not specification compliant so Tomcat will not permit them. There is a long history of security issues around different components in a system reacting differently to such URLs. Usually in the form of header and/or request injection. As a result, Tomcat's URL parsing has been tightened up and it is extremely unlikely it will be relaxed.

出于同样的原因，httpd 正朝着同一个方向发展.

httpd is heading in the same direction for the same reasons.

最好的长期选择是向客户端指出他们发送的请求不符合规范，他们需要修复它们(通过使用适当的 %nn 编码).在 Tomcat 端，确保 Tomcat 使用的是 UTF-8.这是较新版本的默认设置.您可能需要在旧版本上明确设置它.

The best long term option is to point out to the clients that the requests they are sending are not specification compliant and that they need to fix them (by using appropriate %nn encoding). On the Tomcat side, make sure Tomcat is using UTF-8. That is the default on newer versions. You might need to explicitly set it on older releases.

这篇关于java.lang.IllegalArgumentException: 在请求目标中发现无效字符.有效字符在 RFC 7230 和 RFC 3986 中定义的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！