Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[HttpClient] Fix over-encoding of URL parts to match browser's behavior #49299

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Feb 10, 2023
Merged

[HttpClient] Fix over-encoding of URL parts to match browser's behavior #49299

merged 1 commit into from
Feb 10, 2023

Conversation

nicolas-grekas
Copy link
Member

Q A
Branch? 5.4
Bug fix? yes
New feature? no
Deprecations? no
Tickets Fix #48315
License MIT
Doc PR -

Yes, the RFC says these chars should be url-encoded:

[ ] \ ^ ` { | }

But in practice, browser's don't encode them, and some servers don't expect them to be encoded either.
See https://stackoverflow.com/questions/2366260/whats-valid-and-whats-not-in-a-uri-query for some pointers.

@carsonbot carsonbot added this to the 5.4 milestone Feb 8, 2023
@nicolas-grekas nicolas-grekas changed the title Remove unused data provider [HttpClient] Fix over-encoding of URL parts to match browser's behavior Feb 8, 2023
@nicolas-grekas nicolas-grekas mentioned this pull request Feb 8, 2023
Closed
@nicolas-grekas nicolas-grekas merged commit ec8d458 into symfony:5.4 Feb 10, 2023
@nicolas-grekas nicolas-grekas deleted the hc-url-dec branch February 10, 2023 11:45
This was referenced Feb 28, 2023
Merged
Merged
@pl-github pl-github mentioned this pull request Mar 2, 2023
Closed
@fherbin fherbin mentioned this pull request Mar 2, 2023
Open
@kwisatz
Copy link

kwisatz commented Mar 29, 2023
edited
Loading

For what it's worth, this is breaking an API client to WooCommerce for us.

With 5.4.20

> GET /wp-json/wc/v3/orders?status%5B0%5D=processing&status%5B1%5D=completed&after=2023-03-29T10%3A35%3A09%2B02%3A00&before=2023-03-29T11%3A04%3A18%2B02%3A00 HTTP/2
Host: gazon-naturel-en-rouleau.fr
pragma: No-cache
accept: */*
authorization: Basic **********
user-agent: Symfony HttpClient/Curl
accept-encoding: gzip

* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 200

With 5.4.21

> GET /wp-json/wc/v3/orders?status[0]=processing&status[1]=completed&after=2023-03-29T10:35:09+02:00&before=2023-03-29T11:02:48+02:00 HTTP/2
Host: gazon-naturel-en-rouleau.fr
pragma: No-cache
accept: */*
authorization: Basic *************
user-agent: Symfony HttpClient/Curl
accept-encoding: gzip

* old SSL session ID is stale, removing
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 400

This is how the request is constructed:

$response = $client->request(
    'GET',
    $this->currentShop['endpoint'],
    [
        'auth_basic' => [
            $this->currentShop['api_key'],
            $this->currentShop['api_secret']
        ],
        'headers' => [
            'Pragma' => 'No-cache',
        ],
        'query' => [
            'status' => ['processing', 'completed'],
            'after' => $dates['after']->modify('-5 minutes')->format('c'),
            'before' => $dates['before']->modify('-5 minutes')->format('c'),
        ],
        'on_progress' => function () use ($downloadProgress): void {
            $downloadProgress->advance();
        },
    ]
);

@nicolas-grekas
Copy link
Member Author

Which part/character? You can know by generating the query string on your own to test.

@kwisatz
Copy link

kwisatz commented Mar 29, 2023

It's the plus signs here.
Guessing the problem is that un-encoded plus signs stand for space, but here, they stand for timezone offsets. So they must be encoded to plus signs, not spaces.

@nicolas-grekas
Copy link
Member Author

OK, so this is #49579, fixed in the next release.

@kwisatz
Copy link

kwisatz commented Mar 29, 2023 via email

@Kozzi11
Copy link

Kozzi11 commented Jun 15, 2023
edited
Loading

This has broken our aplication should not we stick confrontant to RFC?

@chalasr
Copy link
Member

chalasr commented Jun 15, 2023

@Kozzi11 Please open a new issue if you think this introduced a bug.
Also note that unlike your application, Symfony is mostly non-profit work so please use a more relaxed language.

@Kozzi11 Kozzi11 mentioned this pull request Jun 15, 2023
Closed
@Kozzi11
Copy link

Kozzi11 commented Jun 15, 2023
edited
Loading

@Kozzi11 Please open a new issue if you think this introduced a bug. Also note that unlike your application, Symfony is mostly non-profit work so please use a more relaxed language.

@chalasr Yeah you are right, I appologize for that. I have created Issue #50670 and PR #50671

@Kozzi11 Kozzi11 mentioned this pull request Jun 21, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@OskarStark OskarStark Awaiting requested review from OskarStark OskarStark is a code owner

Assignees
No one assigned
Labels
Bug HttpClient Status: Needs Review
Projects
None yet
Milestone
5.4
Development

Successfully merging this pull request may close these issues.
6 participants
@nicolas-grekas @kwisatz @Kozzi11 @chalasr @xabbuh @carsonbot