servant icon indicating copy to clipboard operation
servant copied to clipboard
verified publisher icon haskell-servant

QueryParam doesn't conform to HTTP

Open cblp opened this issue 3 years ago • 5 comments

Instance HasClient QueryParam' uses this function

encodeQueryParam :: ToHttpApiData a => a  -> BS.ByteString
encodeQueryParam = BL.toStrict . toLazyByteString . toEncodedUrlPiece

where toEncodedUrlPiece is from http-api-data package, where it is documented to be applicable to path segments only, not to query parameters. As a result, if we try to send a simple text string as a parameter,

type API = QueryParam "p" Text

this will be encoded as ?p=a%20+%20b which is wrong, because + is the encoding for the space, and + must be encoded as %2B.

?p=a%20+%20b is interpreted by a standard-conforming server as p = "a b".

p = "a + b" must be encoded as ?p=a+%2B+b

cblp avatar Nov 01 '22 23:11 cblp

If you think http-api-data must be fixed, see

  • https://github.com/fizruk/http-api-data/pull/123
  • https://github.com/fizruk/http-api-data/pull/120

cblp avatar Nov 01 '22 23:11 cblp

@cblp Has this been addressed by #1597, which was released as part of servant-0.20?

ysangkok avatar Jun 25 '23 12:06 ysangkok

I think, this is already fixed in http-api-data, but I can't recheck right now.

cblp avatar Jun 25 '23 20:06 cblp

@cblp Is this still an ongoing problem?

tchoutri avatar Apr 25 '24 17:04 tchoutri

Look like it's fixed, but I'm not sure.

cblp avatar Apr 27 '24 16:04 cblp