iisnode
iisnode copied to clipboard
tjanczuk
Url encoded characters get decoded
I have a problem with iisnode on Azure which is that the url encoded entities when passed to my express app in node are already decoded and can cause problems with the routing. It doesn't seem to happen for all characters, for example %20 remains encoded while %3D gets decoded.
+1 Having same issue in Azure. I'm passing an encoded path in the URL and it is being decoded and not matching on the appropriate route.
There was an older issue about that, I commented the problem there. Still found no solution to it: URLEncoded route parameters are not respected #217
For now I was able to promote UNENCODED_URL IIS rewrite module server variable to headers, and at least I have it in node app. I'm going to see where request url gets created and passed to nodejs app in iisnode source code
Hi I am experiencing the same problem. I am requesting something like /search/old%2F1 and node gets the request /search/old/1 . In my case I have this issue on Azure and a Windows 7 / IIS box. Any help greatly appreciated.
Hi everyone, I've made a pull request which can fix this issue on premises, however on Azure the url gets decoded before it reaches the node app for security reasons, so on Azure it is not possible to fix right now.
@joaosa @BorisJanischevsky you can follow the link to my pull request, and if you manually compile and build installers for iisnode, it will fix the issue: https://github.com/tjanczuk/iisnode/pull/486#issuecomment-222996458
It could be easier if you go to my fork and try VS2015 solution here: https://github.com/eugeneagafonov/iisnode/tree/vs2015
are there any updates on that? we need slashes on our url when it gets to node js.
a workaround i used is to decode the url again before it gets to the router of nodejs:
const URI = require('urijs');
const ensureEncoded = url => URI.encode(URI.decode(url));
const urlInPathRegEx = /someUrlRegex(thePartExepectedToBeEncoded)/;
server.use((req, res, next) => {
const urlInPathMatch = req.path.match(urlInPathRegEx);
if (urlInPathMatch) {
const addressKey = urlInPathMatch[1];
req.url = req.url.replace(addressKey, ensureEncoded(addressKey));
}
next();
});
but i would strongly prefer to not hack like this...
@vzaidman you can build and use the modified version. As far as I understand there are no plans to accept pull requests from this repo. You can try to mention this issue in azure iisnode repo
for me, an Azure web app is not decoding "%3F" (?) in URL like this: .../accounts%3FType=Business resulting in 404 But is it working when hosted in IIS (but not local IIS for some reason)
We are running a Linux image in a Linux container.
Any solution? Else we can't migrate to Azure as other calling apps will break.
for me, an Azure web app is not decoding "%3F" (?) in URL like this: .../accounts%3FType=Business resulting in 404 But is it working when hosted in IIS (but not local IIS for some reason)
We are running a Linux image in a Linux container.
Any solution? Else we can't migrate to Azure as other calling apps will break.
No solution for Azure because this is handled before your app. This is considered as a security issue. Please follow this to check: https://github.com/tjanczuk/iisnode/issues/217#issuecomment-225365419
One thing I suggest to try is a container app instead of web app (though It might be pretty much the same), or azure container instances, or any other hosting that might not have built-in load balancer. Probably AKS or Service Fabric.
If it's just one container and these options are too much overkill, try hosting this on a usual VM.