You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When the swift-corelibs-foundation version of URLSession is used to fetch a page and the server responds with a redirect, it appears that URLSession erroneously percent-encodes the location returned by the server before following it.
Steps to reproduce:
I've included a simple Node.js HTTP server to demonstrate the issue.
The server will redirect from /first to /second and encode the entire path (/first?param=foo) as a query parameter to the new path (/second?prev=%2Ffirst%3Fparam%3Dfoo).
Notice how the first path is percent-encoded (using encodeURIComponent in JavaScript) to ensure that it can be included as a query parameter in the second path.
Note: if you use a Docker image to test on Linux, be sure to change the host in the URL from localhost to the address of your network interface.
Notice how the question mark indicating the start of the query paramters is escaped, and how the already escaped query paramters are escaped again.
The server will report an error, since it does not have any handler for the path that URLSession is requesting.
If there are no query parameters in the location header from the server (i.e. "/second"), the path is unchanged after being percent-encoded and the redirect works as expected.
The text was updated successfully, but these errors were encountered:
Attachment: Download
Environment
macOS:
Swift 5.2.4 (Xcode 11.5)
Linux:
Swift 5.2.4 docker image
Additional Detail from JIRA
md5: 2f700a12524f42871f9482f09c562e16
Issue Description:
When the swift-corelibs-foundation version of URLSession is used to fetch a page and the server responds with a redirect, it appears that URLSession erroneously percent-encodes the location returned by the server before following it.
Steps to reproduce:
I've included a simple Node.js HTTP server to demonstrate the issue.
Use URLSession to request a URL that contains a query parameter:
http://localhost:8989/first?param=foo
The server will redirect from /first to /second and encode the entire path (/first?param=foo) as a query parameter to the new path (/second?prev=%2Ffirst%3Fparam%3Dfoo).
Notice how the first path is percent-encoded (using encodeURIComponent in JavaScript) to ensure that it can be included as a query parameter in the second path.
Note: if you use a Docker image to test on Linux, be sure to change the host in the URL from localhost to the address of your network interface.
Expected result:
URLSession should follow the 303 redirect and fetch the URL given by the server in the Location header (http://localhost:8989/second?prev=%2Ffirst%3Fparam%3Dfoo).
Actual result:
Darwin: the redirect works as expected.
Linux: the location URL given by the server when redirecting from /first to /second is percent-encoded before the request is performed.
This results in URLSession attempting to fetch:
http://localhost:8989/second%3Fprev=%252Ffirst%253Fparam%253Dfoo
when it should fetch:
http://localhost:8989/second?prev=%2Ffirst%3Fparam%3Dfoo
Notice how the question mark indicating the start of the query paramters is escaped, and how the already escaped query paramters are escaped again.
The server will report an error, since it does not have any handler for the path that URLSession is requesting.
If there are no query parameters in the location header from the server (i.e. "/second"), the path is unchanged after being percent-encoded and the redirect works as expected.
The text was updated successfully, but these errors were encountered: