code-server icon indicating copy to clipboard operation
code-server copied to clipboard
verified publisher icon coder

[Bug]: GET query ends up encoded twice when using /proxy/port but /absproxy/port working fine

Open erickweil opened this issue 2 years ago • 4 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

OS/Web Information

  • Web Browser: Firefox 114.0.2 (64-bits)
  • Local OS: Windows 10 Home Single Language
  • Remote OS: It's a Docker container with vscode-server installed manually. (ghcr.io/nestybox/ubuntu-jammy-systemd-docker:latest), Host OS: Ubuntu 22.04.2 LTS (Jammy Jellyfish)
  • Remote Architecture: x86_64
  • code-server --version: 1.79.2 695af097c7bd098fbf017ce3ac85e09bbc5dda06 x64

Steps to Reproduce

  1. Inside Code-Server, run any program that listen HTTP traffic. Example python program to log HTTP traffic (The problem happens on any http server not only this example. I found it when running a nodejs application):
#!/usr/bin/env python3
from http.server import BaseHTTPRequestHandler, HTTPServer
import logging

class S(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(200)
        self.send_header('Content-type', 'text/html')
        self.end_headers()
        self.wfile.write("GET request for {}".format(self.path).encode('utf-8'))

def run(server_class=HTTPServer, handler_class=S, port=3000):
    httpd = server_class(('', port), handler_class)
    try:
        httpd.serve_forever()
    except KeyboardInterrupt:
        pass
    httpd.server_close()

if __name__ == '__main__':
    run()
  1. Try to access it both via the exposed port and via the /proxy/port passing a GET query with special characters (anything that triggers % encoding) Given example host 'localhost' and code-server listening on port '8080' "http://localhost:8080/proxy/3000/?query=Teste de query" "http://localhost:8080/absproxy/3000/?query=Teste de query" "http://localhost:3000/?query=Teste de query"

Expected

The expect results would be both logs to be equal: Example log when acessing "http://localhost:8080/proxy/3000/?query=Teste de query" 127.0.0.1 - - [05/Jul/2023 13:15:37] "GET /?query=Teste%20de%20query HTTP/1.1" 200 -

Example log when acessing "http://localhost:8080/absproxy/3000/?query=Teste de query" 127.0.0.1 - - [05/Jul/2023 13:27:07] "GET /absproxy/3000/?query=Teste%20de%20query HTTP/1.1" 200 -

Example log when acessing "http://localhost:3000/?query=Teste de query" (Without code-server proxy) 127.0.0.1 - - [05/Jul/2023 13:17:12] "GET /?query=Teste%20de%20Query HTTP/1.1" 200 -

Actual

The logs show that any % encoded character are doubly-encoded only when acessed via code-server proxy while when using absproxy and direct access no problem is found

Example log when acessing "http://localhost:8080/proxy/3000/?query=Teste de query" 127.0.0.1 - - [05/Jul/2023 13:15:37] "GET /?query=Teste%2520de%2520query HTTP/1.1" 200 -

  • Look how %20 becomes %2520. (What is happening is that the % itself becomes %25).

Example log when acessing "http://localhost:8080/absproxy/3000/?query=Teste de query" 127.0.0.1 - - [05/Jul/2023 13:27:07] "GET /absproxy/3000/?query=Teste%20de%20query HTTP/1.1" 200 -

Example log when acessing "http://localhost:3000/?query=Teste de query" (Without code-server proxy) 127.0.0.1 - - [05/Jul/2023 13:17:12] "GET /?query=Teste%20de%20Query HTTP/1.1" 200 -

Logs

No response

Screenshot/Video

No response

Does this issue happen in VS Code or GitHub Codespaces?

  • [X] I cannot reproduce this in VS Code.
  • [X] I cannot reproduce this in GitHub Codespaces.

Are you accessing code-server over HTTPS?

  • [X] I am using HTTPS.

Notes

I'm using HTTPS but the nginx proxy that deals with it, code-server itself isn't using HTTPS and the problem still happens even if I simulate locally with curl, so it's not relevant how I get to code-server.

My Theory I think the problem is something about how the "/proxy/port" path is stripped by the proxy, re-encoding the URL when it should be untouched.

erickweil avatar Jul 05 '23 13:07 erickweil

Thank you for the report! Your analysis sounds spot-on. I think the assumption was that Express decodes the query variables but obviously that is not the case.

code-asher avatar Jul 13 '23 21:07 code-asher

Hi @code-asher is there an update on this? We reverted to v4.12 just to avoid this as its breaking the UI for our users, I can take it over and revert the encodeURI if you need contribution.

revolutionisme avatar Aug 24 '23 16:08 revolutionisme

No update, I just have not got around to it yet (I figure I should also add tests), but am happy to merge if someone makes a PR.

code-asher avatar Aug 28 '23 18:08 code-asher

Same issue here with Localstasck and presign urls.

When I generate a presign for S3 Get/Put, the url has '&' char in it. So when I try to call il through 'code-server.url/proxy/4566/{PRESIGN}', it ends up encoded twice with the same behavior explained before.

Only solution is to roll back to version v4.12.0

exasky avatar Dec 14 '23 06:12 exasky

I'm having problems with this issue as well, a fix would be appreciated.

daniel-sali avatar Jan 11 '24 19:01 daniel-sali

So, my memory is fuzzy but I think I tried to fix this but when I added a unit test I could not actually reproduce the issue. There might be more going on or maybe my test was bad.

code-asher avatar Jan 11 '24 20:01 code-asher

Nevermind I see where I went wrong. Fix incoming.

code-asher avatar Jan 11 '24 21:01 code-asher