Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Major
Fix Version/s: 2.9 GA
Affects Version/s: 2.7 GA
Component/s: Gateway
Labels:
- support

3Scale PT Tested upstream:
Not Started
3scale PT Docs:
Not Started
3scale PT Product Specs:
Not Started
3scale PT Product Update Ready:
Not Started
3scale PT Released In Saas:
Not Started
3scale PT Verified Product:
Not Started
QE Test Coverage:
+
Target Release:

2.9 CR1

Steps to Reproduce:

Hide

Routing policy set as follows:

{
    "name": "routing",
    "version": "builtin",
    "configuration": {
        "rules": [
            {
                "url": "https://echo-api.3scale.net:443",
                "condition": {
                    "combine_op": "and",
                    "operations": [
                        {
                            "op": "matches",
                            "value": "/foo/.*|/foo/?",
                            "value_type": "plain",
                            "match": "path"
                        }
                    ]
                },
                "replace_path": "{{original_request.path | remove_first: '/foo'}}"
            }
        ]
    }
}

Example request and response:

curl -k "https://api-3scale-apicast-staging.amp27.127.0.0.1.nip.io:443/foo/TC_%EF%BD%BC%EF%BD%AE%EF%BD%B0%EF%BE%84" -H'user_key: 178f88decc24dd60ddf9e386467bf615' -v
*   Trying 127.0.0.1:443...
* TCP_NODELAY set
* Connected to api-3scale-apicast-staging.amp27.127.0.0.1.nip.io (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: CN=*.router.default.svc.cluster.local
*  start date: May 23 14:29:06 2020 GMT
*  expire date: May 23 14:29:07 2022 GMT
*  issuer: CN=openshift-signer@1590244037
*  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
> GET /foo/TC_%EF%BD%BC%EF%BD%AE%EF%BD%B0%EF%BE%84 HTTP/1.1
> Host: api-3scale-apicast-staging.amp27.127.0.0.1.nip.io
> User-Agent: curl/7.66.0
> Accept: */*
> user_key: 178f88decc24dd60ddf9e386467bf615
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: openresty
< Date: Wed, 24 Jun 2020 08:09:50 GMT
< Content-Type: application/json
< Content-Length: 806
< Cache-control: private
* Added cookie d8c1dd0e39ac4456ed39ce5889b9a5a5="0c7f2c0330d234a4d2cf2b1f84e8bb78" for domain api-3scale-apicast-staging.amp27.127.0.0.1.nip.io, path /, expire 0
< Set-Cookie: d8c1dd0e39ac4456ed39ce5889b9a5a5=0c7f2c0330d234a4d2cf2b1f84e8bb78; path=/; HttpOnly
< Vary: Origin
< X-3scale-Echo-API: echo-api/1.0.0
< X-Content-Type-Options: nosniff
* Added cookie fa8171534cb54a0687d01ba6963bc133="77a8675a55f90162ca4eef91163a3f6d" for domain api-3scale-apicast-staging.amp27.127.0.0.1.nip.io, path /, expire 0
< Set-Cookie: fa8171534cb54a0687d01ba6963bc133=77a8675a55f90162ca4eef91163a3f6d; path=/; HttpOnly; Secure
< 
{
  "method": "GET",
  "path": "/TC_%25EF%25BD%25BC%25EF%25BD%25AE%25EF%25BD%25B0%25EF%25BE%2584",
  "args": "",
  "body": "",
  "headers": {
    "HTTP_VERSION": "HTTP/1.1",
    "HTTP_HOST": "echo-api.3scale.net",
    "HTTP_ACCEPT": "*/*",
    "HTTP_USER_AGENT": "curl/7.66.0",
    "HTTP_USER_KEY": "178f88decc24dd60ddf9e386467bf615",
    "HTTP_X_3SCALE_PROXY_SECRET_TOKEN": "Shared_secret_sent_from_proxy_to_API_backend_c8aa4331945b52aa",
    "HTTP_X_REAL_IP": "172.17.0.1",
    "HTTP_X_FORWARDED_FOR": "127.0.0.1, 79.41.243.119, 10.0.101.161",
    "HTTP_X_FORWARDED_HOST": "echo-api.3scale.net",
    "HTTP_X_FORWARDED_PORT": "443",
    "HTTP_X_FORWARDED_PROTO": "https",
    "HTTP_FORWARDED": "for=10.0.101.161;host=echo-api.3scale.net;proto=https"
  },
  "uuid": "975a33ba-d999-4ca1-b2f6-bd8e1674568b"
* Connection #0 to host api-3scale-apicast-staging.amp27.127.0.0.1.nip.io left intact
}

Show

Routing policy set as follows: { "name" : "routing" , "version" : "builtin" , "configuration" : { "rules" : [ { "url" : "https: //echo-api.3scale.net:443" , "condition" : { "combine_op" : "and" , "operations" : [ { "op" : "matches" , "value" : "/foo/.*|/foo/?" , "value_type" : "plain" , "match" : "path" } ] }, "replace_path" : "{{original_request.path | remove_first: '/foo' }}" } ] } } Example request and response: curl -k "https: //api-3scale-apicast-staging.amp27.127.0.0.1.nip.io:443/foo/TC_%EF%BD%BC%EF%BD%AE%EF%BD%B0%EF%BE%84" -H 'user_key: 178f88decc24dd60ddf9e386467bf615' -v * Trying 127.0.0.1:443... * TCP_NODELAY set * Connected to api-3scale-apicast-staging.amp27.127.0.0.1.nip.io (127.0.0.1) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 * ALPN, server did not agree to a protocol * Server certificate: * subject: CN=*.router. default .svc.cluster.local * start date: May 23 14:29:06 2020 GMT * expire date: May 23 14:29:07 2022 GMT * issuer: CN=openshift-signer@1590244037 * SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway. > GET /foo/TC_%EF%BD%BC%EF%BD%AE%EF%BD%B0%EF%BE%84 HTTP/1.1 > Host: api-3scale-apicast-staging.amp27.127.0.0.1.nip.io > User-Agent: curl/7.66.0 > Accept: */* > user_key: 178f88decc24dd60ddf9e386467bf615 > * Mark bundle as not supporting multiuse < HTTP/1.1 200 OK < Server: openresty < Date: Wed, 24 Jun 2020 08:09:50 GMT < Content-Type: application/json < Content-Length: 806 < Cache-control: private * Added cookie d8c1dd0e39ac4456ed39ce5889b9a5a5= "0c7f2c0330d234a4d2cf2b1f84e8bb78" for domain api-3scale-apicast-staging.amp27.127.0.0.1.nip.io, path /, expire 0 < Set-Cookie: d8c1dd0e39ac4456ed39ce5889b9a5a5=0c7f2c0330d234a4d2cf2b1f84e8bb78; path=/; HttpOnly < Vary: Origin < X-3scale-Echo-API: echo-api/1.0.0 < X-Content-Type-Options: nosniff * Added cookie fa8171534cb54a0687d01ba6963bc133= "77a8675a55f90162ca4eef91163a3f6d" for domain api-3scale-apicast-staging.amp27.127.0.0.1.nip.io, path /, expire 0 < Set-Cookie: fa8171534cb54a0687d01ba6963bc133=77a8675a55f90162ca4eef91163a3f6d; path=/; HttpOnly; Secure < { "method" : "GET" , "path" : "/TC_%25EF%25BD%25BC%25EF%25BD%25AE%25EF%25BD%25B0%25EF%25BE%2584" , "args" : "", "body" : "", "headers" : { "HTTP_VERSION" : "HTTP/1.1" , "HTTP_HOST" : "echo-api.3scale.net" , "HTTP_ACCEPT" : "*/*" , "HTTP_USER_AGENT" : "curl/7.66.0" , "HTTP_USER_KEY" : "178f88decc24dd60ddf9e386467bf615" , "HTTP_X_3SCALE_PROXY_SECRET_TOKEN" : "Shared_secret_sent_from_proxy_to_API_backend_c8aa4331945b52aa" , "HTTP_X_REAL_IP" : "172.17.0.1" , "HTTP_X_FORWARDED_FOR" : "127.0.0.1, 79.41.243.119, 10.0.101.161" , "HTTP_X_FORWARDED_HOST" : "echo-api.3scale.net" , "HTTP_X_FORWARDED_PORT" : "443" , "HTTP_X_FORWARDED_PROTO" : "https" , "HTTP_FORWARDED" : " for =10.0.101.161;host=echo-api.3scale.net;proto=https" }, "uuid" : "975a33ba-d999-4ca1-b2f6-bd8e1674568b" * Connection #0 to host api-3scale-apicast-staging.amp27.127.0.0.1.nip.io left intact }

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

When the request goes through the routing policy, the path is encoded, for example the `%` character is replaced with `%25`.

In the example in section Steps to Reproduce,

%EF%BD%BC%EF%BD%AE%EF%BD%B0%EF%BE%84

is replaced with

%25EF%25BD%25BC%25EF%25BD%25AE%25EF%25BD%25B0%25EF%25BE%2584

This happens even when the Routing policy is set manually in the policy chain.

relates to

THREESCALE-7130 APIaaP is causing URL encoding on API requests' paths

Closed

Assignee:: Unassigned

Reporter:: Samuele Illuminati (Inactive)

Tester:: David Rajnoha (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2020/06/24 4:58 AM

Updated:: 2023/10/07 5:20 AM

Resolved:: 2020/07/24 2:28 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates