Wouter Lievens

Reputation: 4019

Escaping slash in HTTP request

I perform an HTTP DELETE request from JavaScript to a Java web app. The web app uses Jersey to dispatch URLs. Tricky thing is, I'm using a path parameter that contains a forward slash (e.g. "XX/6666"). When I run in Jetty (Maven plugin) it works fine, but when I run on my production server (Tomcat) it does not, i.e. I get a 404.

The forward slash is escaped using %2F so my request URL looks something like

DELETE http://.../4776/shipmentOrders/XX%2F6666

Is this allowed in the HTTP specs, and is it possible Jetty and Tomcat interpret these differently?

Upvotes: 4

Views: 6265

Answers (2)

Scott

Reputation: 938

Tomcat (in versions 5, 6 and 7 I believe) purposefully prevents the usage of %2f in the path to prevent directory traversal attacks. You can allegedly turn this protection OFF by setting org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true. I've not personally tested this, but see others on the net claiming it resolved this for them. Note, however, that web servers in front of Tomcat may also intercept and rewrite the URL, automatically decoding %2f to the forward slash.

Reference: http://tomcat.apache.org/tomcat-7.0-doc/config/systemprops.html

Upvotes: 10

Julian Reschke

Reputation: 42017

Yes, to both: it is allowed, but it is possible that some servers reject the request for security reasons.

Upvotes: 2
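Added example (not part of the question or of either answer): a small JavaScript model of why the same request path can route differently depending on whether percent-decoding happens before or after the path is split into segments, which is the ambiguity both answers point at. The route template, the function names, and the strict-policy check are assumptions made for illustration; this is not Jersey, Jetty, or Tomcat code.

```javascript
// Hypothetical route template modelled on the path in the question.
const ROUTE = ['{customer}', 'shipmentOrders', '{orderId}'];

// Client side: encode each path parameter on its own, so "/" becomes %2F.
function buildPath(customer, orderId) {
  return '/' + encodeURIComponent(customer) +
         '/shipmentOrders/' + encodeURIComponent(orderId);
}

// Decode one segment; a malformed escape such as "%zz" yields null.
function safeDecode(segment) {
  try { return decodeURIComponent(segment); } catch (e) { return null; }
}

// Order A: split the raw path on "/", then decode each segment.
// An encoded slash stays inside its segment.
function splitThenDecode(rawPath) {
  const parts = rawPath.split('/').filter(s => s !== '').map(safeDecode);
  return parts.includes(null) ? null : parts;
}

// Order B: decode the whole path, then split. This is the effective result
// when a front-end server rewrites %2F to "/" before the container sees it.
function decodeThenSplit(rawPath) {
  const decoded = safeDecode(rawPath);
  return decoded === null ? null : decoded.split('/').filter(s => s !== '');
}

// Match segments against ROUTE; null stands for "no route" (a 404).
function match(segments) {
  if (segments === null || segments.length !== ROUTE.length) return null;
  const params = {};
  for (let i = 0; i < ROUTE.length; i++) {
    const m = /^\{(\w+)\}$/.exec(ROUTE[i]);
    if (m) params[m[1]] = segments[i];
    else if (ROUTE[i] !== segments[i]) return null;
  }
  return params;
}

// Strict policy: refuse any raw path carrying an encoded slash, so that no
// later decoding step can change how many segments the path has.
function rejectsEncodedSlash(rawPath) {
  return /%2f/i.test(rawPath);
}

const path = buildPath('4776', 'XX/6666'); // constructed sample input
console.log(path, match(splitThenDecode(path)), match(decodeThenSplit(path)));
```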
