在重定向上解码的URL编码参数中的hashtags(#) [英] hashtags (#) in URL encoded parameters decoded on redirect
问题描述
我有一个双服务器系统...一个托管应用程序,另一个托管身份验证/授权。当应用检测到用户尚未登录时,它会重定向到auth服务器,并作为参数传递用户最初请求的URL,以便在身份验证后,用户将被重定向回应用服务器最初请求的确切网址。
I have a two server system... one hosting the app and the other hosting the authentication/authorization. When the app detects the user isn't logged in yet, it redirects to the auth server and passes, as a parameter, the URL originally requested by the user so that after authentication, the user will be redirected back to the app server to the exact URL originally requested.
但是,如果原始网址包含#,则整个例程都会被清除。似乎浏览器正在解码url编码的参数,因此,在#到场之后丢弃任何内容。我在Chrome,Safari和Firefox上试过这个。
However, if that original URL contains a #, the whole routine is hosed. It appears that the browsers are decoding the url encoded parameter and, as a consequence, dropping anything after the # to the floor. I've tried this on Chrome, Safari and Firefox.
示例:
原始网址:
https://xxx.com/#/main/by-users?param1=53¶m2=13¶m3=39
重定向网址:
https://yyy.com/signin/?returnURL=https%3A%2F%2Fxxx.com%3A80%2F%23%2Fmain%2Fby-users%3Fparam1%3D53%26param2%3D13%26param3%3D39
浏览器显示:
https://yyy.com/signin/?returnURL=https%3A%2F%2Fxxx.com%2F#/main/by-users?param1=53¶m2=13¶m3=39
如您所见,#之后及之后的所有内容都被解码。因此,服务器永远不会获得完整的'returnURL'参数值。它基本上只是
As you can see, everything including and after the # is decoded. Thus the server never gets the full 'returnURL' parameter value. It basically just gets
https://xxx.com/
这必须是某个地方的某些规范的一部分,尽管看起来很疯狂,编码#应该被解码和处理,好像它从来没有编码过。但是如何解决这个问题?
This must be part of some spec someplace, though it seems insane that an encoded # should be decoded and dealt with as if it were never encoded in the first place. But how does one get around this?
谢谢。
推荐答案
不确定它是否是最佳解决方案,或者即使您可以控制它,但如果您进行双重编码,它可能会起作用:例如,而不是%23,请使用%2523。
Not sure if it is the best solution or even if you can control this, but it may work if you do double-encoding: for example, instead of "%23", make it use "%2523".
然后,不需要的解码应将%2523转换为%23,将所需结果保留在浏览器显示的重定向网址中。
The unwanted decoding should then convert "%2523" to "%23", leaving the desired result in the redirect URL that the browser shows.
这篇关于在重定向上解码的URL编码参数中的hashtags(#)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!