得到一个URL与URL-CN codeD斜线 [英] GETting a URL with an url-encoded slash

问题描述

我想发出一个HTTP GET来 http://example.com/%2F 。我的第一个猜想是这样的：

 使用（Web客户端Web客户端=新的Web客户端（））
{
  webClient.DownloadData（http://example.com/%2F）;
}
 

不幸的是，我可以看到什么是真正在网络上发送的：

  GET // HTTP / 1.1
主持人：example.com
连接：保持活动
 

所以 http://example.com/%2F 被翻译成的http://example.com// 之前发射的。

有没有办法实际发送此GET请求？

的OCSP协议任务使用OCSP通过HTTP / GET时发送一个基64编码的URL编码，因此有必要发送一个实际％2F而非'/'是柔顺。

编辑：

下面是OCSP协议标准（ RFC 2560 附录A.1.1）的相关部分：

  

使用GET方法的OCSP请求的结构如下：

     

    

GET {URL}

/ {中的OCS prequest DER编码的基64编码的URL编码}   

我对这个其他的读数很开放，但我看不出还有什么可以的意思。

解决方案

默认情况下，乌里类将不允许逃脱 / 字符（％2F ）的URI（尽管这似乎是合法的，在我的阅读中的 RFC 3986 ）。

 开放的URI =新的URI（http://example.com/%2F）;
Console.WriteLine（uri.AbsoluteUri）; //输出：http://example.com//
 

（注：不使用Uri.ToString 来打印的URI。 ）

根据<一href="https://connect.microsoft.com/VisualStudio/feedback/details/511010/erroneous-uri-parsing-for-en$c$cd-reserved-characters-according-to-rfc-3986">bug报告在Microsoft Connect上这个问题，这种行为是由设计，但你可以解决它通过添加以下到您的app.config或web.config文件：

 ＆LT; URI＆GT;
  ＆LT; schemeSettings＆GT;
    ＆LT;添加名称=HTTPgenericUriParserOptions =DontUnescapePathDotsAndSlashes/＆GT;
  ＆LT; / schemeSettings＆GT;
＆LT; / URI＆GT;
 

（从 http://stackoverflow.com/a/10415482 转载，因为这是官方的方式来避免这种错误，而无需使用反射来修改私有字段。）

编辑：的连接错误报告将不再可见，但文档为＆LT; schemeSettings＆GT; 建议使用此方法，允许逃脱 / 字符的URI。注（根据该条），有可能是不处理逃组件的安全隐患斜杠正确。

I want to send a HTTP GET to http://example.com/%2F. My first guess would be something like this:

using (WebClient webClient = new WebClient())
{
  webClient.DownloadData("http://example.com/%2F");
}

Unfortunately, I can see that what is actually sent on the wire is:

GET // HTTP/1.1
Host: example.com
Connection: Keep-Alive

So http://example.com/%2F gets translated into http://example.com// before transmitting it.

Is there a way to actually send this GET-request?

The OCSP-protocol mandates sending the url-encoding of a base-64-encoding when using OCSP over HTTP/GET, so it is necessary to send an actual %2F rather than an '/' to be compliant.

EDIT:

Here is the relevant part of the OCSP protocol standard (RFC 2560 Appendix A.1.1):

An OCSP request using the GET method is constructed as follows:

GET {url}/{url-encoding of base-64 encoding of the DER encoding of the OCSPRequest}

I am very open to other readings of this, but I cannot see what else could be meant.

解决方案

By default, the Uri class will not allow an escaped / character (%2f) in a URI (even though this appears to be legal in my reading of RFC 3986).

Uri uri = new Uri("http://example.com/%2F");
Console.WriteLine(uri.AbsoluteUri); // prints: http://example.com//

(Note: don't use Uri.ToString to print URIs.)

According to the bug report for this issue on Microsoft Connect, this behaviour is by design, but you can work around it by adding the following to your app.config or web.config file:

<uri>
  <schemeSettings>
    <add name="http" genericUriParserOptions="DontUnescapePathDotsAndSlashes" />
  </schemeSettings>
</uri>

(Reposted from http://stackoverflow.com/a/10415482 because this is the "official" way to avoid this bug without using reflection to modify private fields.)

Edit: The Connect bug report is no longer visible, but the documentation for <schemeSettings> recommends this approach to allow escaped / characters in URIs. Note (as per that article) that there may be security implications for components that don't handle escaped slashes correctly.

这篇关于得到一个URL与URL-CN codeD斜线的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！