Kong
feat(router) add decode_uri_captures parameter
Add a new parameter decode_uri_captures to decide whether to normalize the captured request URI after route matching.
New feature for #7913
Summary
Add a new parameter decode_uri_captures to decide whether to normalize the captured request URI after route matching.
Only allow setting on or off:
on: Captured request URI decoding is enabled.off: Captured request URI decoding is disabled.
By default, this value is set as on.
Examples of decode_uri_captures = on behavior:
- Assuming that the route path is
/plain/(a%2Eb%20c)/(.*)and the request URI is/plain/a%2Eb%20c/a%2Eb%20c, the captured request URI is decoded as/plain/a.b c/a.b c. - Assuming that the route path is
/plain/(a.b c)/(.*)and the request URI is/plain/a%2Eb%20c/a%2Eb%20c, the captured request URI is decoded as/plain/a.b c/a.b c.
Examples of decode_uri_captures = off
- Assuming that the route path is
/plain/(a%2Eb%20c)/(.*)and the request URI is/plain/a%2Eb%20c/a%2Eb%20c, the captured request URI is/plain/a%2Eb%20c/a%2Eb%20cwithout URI decoding. - Assuming that the route path is
/plain/(a.b c)/(.*)and the request URI is/plain/a%2Eb%20c/a%2Eb%20c, the request URI can not match the route path without URI decoding. As a result, the captured request URI is decoded as/plain/a.b c/a.b c.
Full changelog
- Add a parameter
decode_uri_capturesto only decide whether to decode captured request URI or not (Do not have affect for route matching and upstream request) - Use a self parameter(decode_uri_captures) of kong.router to load the new parameter.
- Add unit tests
Issues resolved
Fix #7913
Replace normalize_req_uri with decode_uri_captures to only affect captured request URI.
When decode_uri_captures is set as on, the behavior is the same as previous.
When decode_uri_captures is set as off,
kong will first try to get undecoded uri_captures by using unnormalized req_uri and unnormalized regex like below example-1:
Regex: /plain/(a%2Eb%20c)/(.*)
Request URI: /plain/a%2Eb%20c/a%2Eb%20c
then the uri_captures is /plain/a%2Eb%20c/a%2Eb%20c without URI decoding.
If kong failed to get uri_captures, it will nomalize req_uri and regex to get decoded uri_captures instead
like below example-2:
Regex: /plain/(a.b c)/(.*)
Request URI: /plain/a%2Eb%20c/a%2Eb%20c
The request URI can not match the regex without URI decoding.
As a result, the uri_captures is decoded as /plain/a.b c/a.b c.
Now customers are able to get undecoded uri_captures by setting decode_uri_captures as off
and using a correct regex for a route path.
It means customers have to consider what is the actual request URI passed to Kong,
then try to match that request URI with route path without URI decoding like the example-1.
I don't think we want this to be configuration option. We just need to do proper thing.
