zoukankan      html  css  js  c++  java

  • SpringBoot Undertow/Tomcat报错:Invalid character | in request-target

    本问题核心原因是http协议升级,因为网络安全问题日益严峻,RFC组织决定将RFC2616拆分并进行升级。

    RFC2616拆分后:

    • RFC7230 - HTTP/1.1: Message Syntax and Routing - low-level message parsing and connection management
    • RFC7231 - HTTP/1.1: Semantics and Content - methods, status codes and headers
    • RFC7232 - HTTP/1.1: Conditional Requests - e.g., If-Modified-Since
    • RFC7233 - HTTP/1.1: Range Requests - getting partial content
    • RFC7234 - HTTP/1.1: Caching - browser and intermediary caches
    • RFC7235 - HTTP/1.1: Authentication - a framework for HTTP authentication

    今天出现问题的主角也和上面有关,还涉及一个协议

    RFC 3986 - Uniform Resource Identifier (URI): Generic Syntax

     

    因为防止sql注入,新RFC将|视为非法路径符号。

    解决方法如下:

    undertow RFC 7230 and RFC 3986 compatibility 

     

    代码

        @Bean
    public ConfigurableServletWebServerFactory webServerFactory() {
        UndertowServletWebServerFactory factory =new UndertowServletWebServerFactory();
        
        factory.addBuilderCustomizers(builder -> builder.setServerOption(UndertowOptions.ALLOW_UNESCAPED_CHARACTERS_IN_URL, Boolean.TRUE)); //url配置
        factory.addBuilderCustomizers(builder -> builder.setServerOption(UndertowOptions.ALLOW_EQUALS_IN_COOKIE_VALUE, Boolean.TRUE));
        factory.addBuilderCustomizers(builder -> builder.setServerOption(UndertowOptions.ALLOW_ENCODED_SLASH,Boolean.TRUE));
        return factory;
    }

    参考资料:https://my.oschina.net/qinerg/blog/3122953

    Tomcat解决办法:

    @Bean
public ConfigurableServletWebServerFactory webServerFactory() {
    TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory();
    factory.addConnectorCustomizers(new TomcatConnectorCustomizer() {
        @Override
        public void customize(Connector connector) {
            connector.setProperty("relaxedQueryChars", "|{}[]");
        }
    });
    return factory;
}

    参考:https://stackoverflow.com/questions/46251131/invalid-character-found-in-the-request-target-in-spring-boot

    本博客文章绝大多数为原创,少量为转载,代码经过测试验证,如果有疑问直接留言或者私信我。
    创作文章不容易,转载文章必须注明文章出处;如果这篇文章对您有帮助,点击右侧打赏,支持一下吧。
  • 相关阅读:
    【图像处理】【SEED-VPM】7.ubuntu10.04下 TFTP,NFS 安装指南
    【图像处理】【SEED-VPM】6.文件目录结构
    【DIY】【外壳】木板 & 亚克力 加工
    【图像处理】【SEED-VPM】5.uImage的烧写 & NFS烧写文件系统
    【PCB】【AD使用】Altium Designer 的entry sheet ,offsheet和port作用
    【PCB】【项目记录】AWG任意波形产生器
    【图像处理】【SEED-VPM】4.串口调试信息
    【图像处理】【SEED-VPM】3.外设信息
    【图像处理】【SEED-VPM】2.接口
    【图像处理】【SEED-VPM】1.注意点
  • 原文地址:https://www.cnblogs.com/passedbylove/p/13366447.html
Copyright © 2011-2022 走看看