olingo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christian Amend (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (OLINGO-1220) Bad request (error 400) for entries with slash or backslash character in string literal of key predicate
Date Wed, 03 Jan 2018 12:11:00 GMT

     [ https://issues.apache.org/jira/browse/OLINGO-1220?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Christian Amend resolved OLINGO-1220.
-------------------------------------
    Resolution: Information Provided
      Assignee: Christian Amend

Hi Michele,

the Olingo library does not block this. This is usually done by the runtime environment e.g.
Apache Tomcat as a security measure. You can check this by looking at the response body. If
you see an empty response body the request does not even reach the Olingo servlet. If you
get back an OData Error Document then there is a bug in the library. In this case we would
need a stacktrace tif possible to troubleshoot the issue.

Here is a stackoverflow answer for Apache Tomcat: https://stackoverflow.com/questions/9719224/coding-forward-and-backward-slashes-in-tomcat-7

Best Regards,
Christian

> Bad request (error 400) for entries with slash or backslash character in string literal
of key predicate
> --------------------------------------------------------------------------------------------------------
>
>                 Key: OLINGO-1220
>                 URL: https://issues.apache.org/jira/browse/OLINGO-1220
>             Project: Olingo
>          Issue Type: Bug
>          Components: odata2-core
>    Affects Versions: V2 2.0.9, V2 2.0.10
>            Reporter: M Carissimi
>            Assignee: Christian Amend
>            Priority: Critical
>
> Hello,
> our OData service implemented with Olingo 2.0.x refuses to accept requests for entries
where the string literal of a key predicate contains the slash (/) or backslash (\) characters.
In both cases encoding the slash or backslash character with the corresponding code (%2F and
%5C respectively) does not resolve the issue. In all cases an error 400 is returned by Olingo
> These are some example of failing URLs:
> https://<servername>/odata/WELL('Alice-09-d%2Fe')
> https://<servername>/odata/WELL('Alice-12-k%5Cm')
> Can you please investigate this issue and let me know if there's anything we can do in
our code to prevent it from happening?
> Regards
> Michele



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message