hackney icon indicating copy to clipboard operation
hackney copied to clipboard

Published 20 hours ago verified publisher icon benoitc

URL params in relative redirect URL get mangled

Open nathanl opened this issue 6 years ago • 3 comments

I have an "index" API endpoint that requires pagination params. If you request it without them, it redirects you to make the same request with pagination params.

Eg, /api/v1/things redirects to /things?max_page=3&page=1&per_page=10&total_count=21. The URL is correct in the location: header of the HTTP response (seen using curl -v), and a request to that exact URL with curl succeeds.

However, when hackney follows the redirect, it makes a request to /api/v1/things%3fpage=1%26per_page=10%26max_page=3%26total_count=21, which fails. I think this is because of its attempt to normalize it: https://github.com/benoitc/hackney/blob/3e4e49de4681de381317f752773a8bbbe833c3fe/src/hackney.erl#L872-L889

If I switch the redirect to use an absolute URL, hackney behaves correctly, but the current behavior is confusing.

nathanl avatar May 23 '19 21:05 nathanl

Right. I should use the raw path and just append it probably. I will have a look in the next version. However please note that the Location should be an absolute url normally, if you have any control on the server that would be good to pass it anyway :)

benoitc avatar Sep 23 '19 22:09 benoitc

Thanks. :)

However please note that the Location should be an absolute url normally, if you have any control on the server that would be good to pass it anyway :)

Yep, that might be more "normal". However, MDN says it can be relative, and in our case, the reason we want it to be relative is that the service is running behind a reverse proxy. The reverse proxy translates the port and adds TLS.

So maybe you make a request to https://mysite.com/foo, but the reverse proxy hands that over to http://localhost:5000/foo on the server. If the service behind the proxy generates the full URL for the redirect, it would say it's sending you to http://localhost:5000/bar- wrong port and wrong scheme. But if it can send you to /bar, you'll know that's relative to https://mysite.com on port 443.

nathanl avatar Sep 24 '19 14:09 nathanl

I have been bitten by this bug as well. Simply skipping the normalization seems to be solving the issue for me.

xpgdk avatar Oct 16 '19 07:10 xpgdk