4

Whenever i'm trying to use {} or [] in url query string getting bad request.

How i can enable this in wildfly?

eg: https://stackoverflow.com?someVar={}

  • Take look at this [Java URL encoding of query string parameters](https://stackoverflow.com/questions/10786042/java-url-encoding-of-query-string-parameters) – Bakudan Jun 27 '18 at 07:19
  • can you please hit this https://stackoverflow.com?someVar={}... in my case its not working –  Jun 27 '18 at 07:24

3 Answers3

3

In JBoss 7.2, I had to edit the standalone.xml and make the following change to get it working:

<http-listener name="default" socket-binding="http" allow-unescaped-characters-in-url="true" redirect-socket="https" enable-http2="true"/>

Note that I have added a new attribute called allow-unescaped-characters-in-url="true".

The -Dorg.wildfly.undertow.ALLOW_UNESCAPED_CHARACTERS_IN_URL=true didn't work.

Anu Shibin Joseph Raj
  • 777
  • 10
  • 27
1

There is a configuration option in undertow, which allows special characters as umlauts, {}, etc in the URL.

The property is: org.wildfly.undertow.ALLOW_UNESCAPED_CHARACTERS_IN_URL, e.g.:

./bin/standalone.sh -Dorg.wildfly.undertow.ALLOW_UNESCAPED_CHARACTERS_IN_URL=true
Federico Sierra
  • 5,118
  • 2
  • 23
  • 36
0

By “default allow-unescaped-character-in-url” is set to false and in general, should not be needed as most clients correctly encode characters. Please take note that setting this to true can be considered as a security risk, as allowing non-standard characters can allow request smuggling attacks in some circumstances.

That being said, this issue can be resolved by following below steps:

  • Login to your Widfly Admin console
  • Navigate to Configuration=>Subsystems/Subsystem=>web/Settings=>Server/Server=>default-server=>htpp-listener
  • Click Edit and set “ALLOW UNESCAPED CHARACTERS IN URL” to True
  • Reload the application

Please refer to below image for more details

WIDFLY ALLOW UNESCAPED CHARACTERS IN URL

Community
  • 1
  • 1
eliarms
  • 551
  • 4
  • 6