SpringBoot Undertow/Tomcat报错:Invalid character | in request-target
原创
©著作权归作者所有:来自51CTO博客作者passedbylove的原创作品,请联系作者获取转载授权,否则将追究法律责任
本问题核心原因是http协议升级,因为网络安全问题日益严峻,RFC组织决定将RFC2616拆分并进行升级。
RFC2616拆分后:
- RFC7230 - HTTP/1.1: Message Syntax and Routing - low-level message parsing and connection management
- RFC7231 - HTTP/1.1: Semantics and Content - methods, status codes and headers
- RFC7232 - HTTP/1.1: Conditional Requests - e.g., If-Modified-Since
- RFC7233 - HTTP/1.1: Range Requests - getting partial content
- RFC7234 - HTTP/1.1: Caching - browser and intermediary caches
- RFC7235 - HTTP/1.1: Authentication - a framework for HTTP authentication
今天出现问题的主角也和上面有关,还涉及一个协议
RFC 3986 - Uniform Resource Identifier (URI): Generic Syntax
因为防止sql注入,新RFC将|视为非法路径符号。
解决方法如下:
undertow RFC 7230 and RFC 3986 compatibility
代码
@Bean
public ConfigurableServletWebServerFactory webServerFactory() {
UndertowServletWebServerFactory factory =new UndertowServletWebServerFactory();
factory.addBuilderCustomizers(builder -> builder.setServerOption(UndertowOptions.ALLOW_UNESCAPED_CHARACTERS_IN_URL, Boolean.TRUE)); //url配置
factory.addBuilderCustomizers(builder -> builder.setServerOption(UndertowOptions.ALLOW_EQUALS_IN_COOKIE_VALUE, Boolean.TRUE));
factory.addBuilderCustomizers(builder -> builder.setServerOption(UndertowOptions.ALLOW_ENCODED_SLASH,Boolean.TRUE));
return factory;
}
Tomcat解决办法:
@Bean
public ConfigurableServletWebServerFactory webServerFactory() {
TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory();
factory.addConnectorCustomizers(new TomcatConnectorCustomizer() {
@Override
public void customize(Connector connector) {
connector.setProperty("relaxedQueryChars", "|{}[]");
}
});
return factory;
}
参考:https://stackoverflow.com/questions/46251131/invalid-character-found-in-the-request-target-in-spring-boot