Is it possible to disable escaping of query strings when forwarding request? #2264

marekott · 2023-09-29T11:03:52Z

marekott
Sep 29, 2023

Hi,
I have following scenario, I am sending GET request to Yarp in order to be forwarded: http://localhost:5123/api/sample-controller/v0/sample?filter=smth\.smth. Currently I am using Kong as an reverse proxy and it is not encoding \ character in query string so when this request is received in my asp net core application HttpContext.Request.QueryString.Value is equal to filter=smth\.smth. I want to change reverse proxy for Yarp, however I have encountered problem. Since Yarp is encoding \ (see screen below), in my code HttpContext.Request.QueryString.Value is equal to filter=smth%5C.smth. I am specifically interested in QueryString because of backwards combability of my application custom binders. I know that standard QueryStringValueProvider is able to decode this character.

So the question is if it is possible to disable query string encoding on Yarp side? I would like to make it behave just like Kong in order to avoid changing legacy part of my application.

I have tried to search for such option in Yarp documentation and source code but without success.

Answered by MihaZupan

Sep 29, 2023

Uri will escape such characters that it deems not safe to use in requests.

If in this case you know that this specific character is something you would want to let through, you can manually create the Uri and tell it not to make any more changes. Something along the lines of

services.AddReverseProxy()
    .AddTransforms(transforms =>
    {
        if (transforms.Route.RouteId == "myLegacyAppRoute")
        {
            transforms.AddRequestTransform(context =>
            {
                var query = context.Query.QueryString;

                if (query.HasValue && query.Value.Contains('\\'))
                {
                    var uri = RequestUtilities.MakeDestinationAddress(context.D…

View full answer

MihaZupan · 2023-09-29T11:33:02Z

MihaZupan
Sep 29, 2023
Maintainer

Uri will escape such characters that it deems not safe to use in requests.

If in this case you know that this specific character is something you would want to let through, you can manually create the Uri and tell it not to make any more changes. Something along the lines of

services.AddReverseProxy()
    .AddTransforms(transforms =>
    {
        if (transforms.Route.RouteId == "myLegacyAppRoute")
        {
            transforms.AddRequestTransform(context =>
            {
                var query = context.Query.QueryString;

                if (query.HasValue && query.Value.Contains('\\'))
                {
                    var uri = RequestUtilities.MakeDestinationAddress(context.DestinationPrefix, context.Path, query);

                    // Uri will escape '\' characters in the query string. Revert that transformation here.
                    var newUri = uri.AbsoluteUri.Replace("%5C", @"\", StringComparison.OrdinalIgnoreCase);

                    context.ProxyRequest.RequestUri = new Uri(newUri, new UriCreationOptions
                    {
                        DangerousDisablePathAndQueryCanonicalization = true
                    });
                }

                return default;
            });
        }
    })

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Is it possible to disable escaping of query strings when forwarding request? #2264

{{title}}

Replies: 1 comment

{{title}}

Select a reply

Is it possible to disable escaping of query strings when forwarding request? #2264

marekott Sep 29, 2023

Replies: 1 comment

MihaZupan Sep 29, 2023 Maintainer

marekott
Sep 29, 2023

MihaZupan
Sep 29, 2023
Maintainer