This repository was archived by the owner on Nov 1, 2018. It is now read-only.
This repository was archived by the owner on Nov 1, 2018. It is now read-only.
HttpPlatformHandler forwards the path un-escaped, breaks for ? #33
Closed
Description
When HttpPlatformHandler forwards the request path and query, it uses the un-escaped path and the original escaped query. This causes a few issues:
- Query - If there is an escaped
?(%3F) in the original path it is un-escaped and forwarded. The back-end server (kestrel, weblistener) then interprets this as the query separator, breaking both path and query. There is no workaround. - Backslash - %5C is unescaped to
\and then converted to/, confusing routing - Double un-escaping - This would be a problem if you sent
/%25%34%31, except IIS's request filtering logic blocks %25 by default.