java.net.URISyntaxException: Illegal character in query at index 39: http://127.0.0.1:8080/demo/test?param={}

Spring JIRA | Russell Allen | 7 months ago
  1. 0

    This change: https://jira.spring.io/browse/SPR-13876 introduced a defect where request's with an origin header and where the request url contains query parameter character's that are typically encoded, trigger a URI formatting exception. A plain Spring Web project with a no-op controller will reproduce this issue. You must pass the origin header though, as this triggers the DefaultCorsProcessor to fully execute. The call will work with a plain url and fail with a url with special characters: works: {{http://127.0.0.1:8080/demo/test?param=plain}} fails: {{http://127.0.0.1:8080/demo/test?param=^}} The root exception: {noformat} java.net.URISyntaxException: Illegal character in query at index 39: http://127.0.0.1:8080/demo/test?param={} at java.net.URI$Parser.fail(URI.java:2848) at java.net.URI$Parser.checkChars(URI.java:3021) at java.net.URI$Parser.parseHierarchical(URI.java:3111) at java.net.URI$Parser.parse(URI.java:3053) at java.net.URI.<init>(URI.java:588) at org.springframework.http.server.ServletServerHttpRequest.getURI(ServletServerHttpRequest.java:96) at org.springframework.web.util.UriComponentsBuilder.fromHttpRequest(UriComponentsBuilder.java:282) at org.springframework.web.util.WebUtils.isSameOrigin(WebUtils.java:814) at org.springframework.web.cors.DefaultCorsProcessor.processRequest(DefaultCorsProcessor.java:71) at org.springframework.web.servlet.handler.AbstractHandlerMapping$CorsInterceptor.preHandle(AbstractHandlerMapping.java:503) at org.springframework.web.servlet.HandlerExecutionChain.applyPreHandle(HandlerExecutionChain.java:134) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:954) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:968) at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:859) at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:844) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) {noformat} I tested this with Jetty 9.3.2 and 9.3.8, and it reproduced in both versions. The exception is generated when the query parameter contains a curly brace or carat, but many other characters seem to work. I assume that is simply an aspect of the URI encoding spec that I'm less familiar with.

    Spring JIRA | 7 months ago | Russell Allen
    java.net.URISyntaxException: Illegal character in query at index 39: http://127.0.0.1:8080/demo/test?param={}
  2. 0

    This change: https://jira.spring.io/browse/SPR-13876 introduced a defect where request's with an origin header and where the request url contains query parameter character's that are typically encoded, trigger a URI formatting exception. A plain Spring Web project with a no-op controller will reproduce this issue. You must pass the origin header though, as this triggers the DefaultCorsProcessor to fully execute. The call will work with a plain url and fail with a url with special characters: works: {{http://127.0.0.1:8080/demo/test?param=plain}} fails: {{http://127.0.0.1:8080/demo/test?param=^}} The root exception: {noformat} java.net.URISyntaxException: Illegal character in query at index 39: http://127.0.0.1:8080/demo/test?param={} at java.net.URI$Parser.fail(URI.java:2848) at java.net.URI$Parser.checkChars(URI.java:3021) at java.net.URI$Parser.parseHierarchical(URI.java:3111) at java.net.URI$Parser.parse(URI.java:3053) at java.net.URI.<init>(URI.java:588) at org.springframework.http.server.ServletServerHttpRequest.getURI(ServletServerHttpRequest.java:96) at org.springframework.web.util.UriComponentsBuilder.fromHttpRequest(UriComponentsBuilder.java:282) at org.springframework.web.util.WebUtils.isSameOrigin(WebUtils.java:814) at org.springframework.web.cors.DefaultCorsProcessor.processRequest(DefaultCorsProcessor.java:71) at org.springframework.web.servlet.handler.AbstractHandlerMapping$CorsInterceptor.preHandle(AbstractHandlerMapping.java:503) at org.springframework.web.servlet.HandlerExecutionChain.applyPreHandle(HandlerExecutionChain.java:134) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:954) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:968) at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:859) at javax.servlet.http.HttpServlet.service(HttpServlet.java:687) at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:844) at javax.servlet.http.HttpServlet.service(HttpServlet.java:790) {noformat} I tested this with Jetty 9.3.2 and 9.3.8, and it reproduced in both versions. The exception is generated when the query parameter contains a curly brace or carat, but many other characters seem to work. I assume that is simply an aspect of the URI encoding spec that I'm less familiar with.

    Spring JIRA | 7 months ago | Russell Allen
    java.net.URISyntaxException: Illegal character in query at index 39: http://127.0.0.1:8080/demo/test?param={}
  3. 0

    Stack overflow in grails 3.1.7 using %% in url

    GitHub | 6 months ago | ctoestreich
    java.net.URISyntaxException: Malformed escape pair at index 118: http://www.xxxxxx.com/login/auth?dest=/home.jsp&et_cid=4597690&et_rid=xxxxxx@RITTERMAIL.COM&CTList=Mature&CTCredit=%%AccountProductTypeCode%%&CTid=267&CTCampName=RateReview_New&CTTestGrp=Bazaarvoice_Sub_Prod_Join&CTTemp=2016-05-31
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    Grails 3.1.7 Stack Overflow with %% in url

    GitHub | 6 months ago | ctoestreich
    java.net.URISyntaxException: Malformed escape pair at index 118: http://www.xxxxxx.com/login/auth?dest=/home.jsp&et_cid=4597690&et_rid=xxxxxx@RITTERMAIL.COM&CTList=Mature&CTCredit=%%AccountProductTypeCode%%&CTid=267&CTCampName=RateReview_New&CTTestGrp=Bazaarvoice_Sub_Prod_Join&CTTemp=2016-05-31
  6. 0

    GitHub comment 7#72202596

    GitHub | 2 years ago | akshay-bilani
    javax.ws.rs.core.UriBuilderException: java.net.URISyntaxException: Illegal character in query at index 97: https://v.whatsapp.net/v2/code?cc=91&in=8817919016&to=918817919016&lg=hi&lc=IN&method=sms&mcc=404|405|406&mnc=001&token=Q1eb8EfXBqjbbmyed0%2FZBRWHpkQ%3D&id=%7d%db%b60%9d%14%a7m%92%e3%1b%26%f3%fftt%df%a0p%8b

  1. tfr 1 times, last 6 months ago
  2. muffinmannen 1 times, last 8 months ago
36 unregistered visitors
Not finding the right solution?
Take a tour to get the most out of Samebug.

Tired of useless tips?

Automated exception search integrated into your IDE

Root Cause Analysis

  1. java.net.URISyntaxException

    Illegal character in query at index 39: http://127.0.0.1:8080/demo/test?param={}

    at java.net.URI$Parser.fail()
  2. Java RT
    URI.<init>
    1. java.net.URI$Parser.fail(URI.java:2848)
    2. java.net.URI$Parser.checkChars(URI.java:3021)
    3. java.net.URI$Parser.parseHierarchical(URI.java:3111)
    4. java.net.URI$Parser.parse(URI.java:3053)
    5. java.net.URI.<init>(URI.java:588)
    5 frames
  3. Spring
    WebUtils.isSameOrigin
    1. org.springframework.http.server.ServletServerHttpRequest.getURI(ServletServerHttpRequest.java:96)
    2. org.springframework.web.util.UriComponentsBuilder.fromHttpRequest(UriComponentsBuilder.java:282)
    3. org.springframework.web.util.WebUtils.isSameOrigin(WebUtils.java:814)
    3 frames
  4. org.springframework.web
    DefaultCorsProcessor.processRequest
    1. org.springframework.web.cors.DefaultCorsProcessor.processRequest(DefaultCorsProcessor.java:71)
    1 frame
  5. Spring MVC
    FrameworkServlet.doGet
    1. org.springframework.web.servlet.handler.AbstractHandlerMapping$CorsInterceptor.preHandle(AbstractHandlerMapping.java:503)
    2. org.springframework.web.servlet.HandlerExecutionChain.applyPreHandle(HandlerExecutionChain.java:134)
    3. org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:954)
    4. org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893)
    5. org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:968)
    6. org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:859)
    6 frames
  6. JavaServlet
    HttpServlet.service
    1. javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
    1 frame
  7. Spring MVC
    FrameworkServlet.service
    1. org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:844)
    1 frame
  8. JavaServlet
    HttpServlet.service
    1. javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
    1 frame