Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

core/requestALB.go seem to be double escaping query string parameters #203

Open
choonkeat opened this issue Jul 10, 2024 · 2 comments
Open

Comments

@choonkeat
Copy link

In

for q, l := range req.MultiValueQueryStringParameters {
for _, v := range l {
if queryString != "" {
queryString += "&"
}
queryString += url.QueryEscape(q) + "=" + url.QueryEscape(v)
}

It would seem like the key and values in req.MultiValueQueryStringParameters are raw i.e. already query escaped

so it should be

- queryString += url.QueryEscape(q) + "=" + url.QueryEscape(v)
+ queryString += q + "=" + v

I'm not sure about QueryStringParameters

@choonkeat
Copy link
Author

related #147

@choonkeat
Copy link
Author

https://docs.aws.amazon.com/elasticloadbalancing/latest/application/lambda-functions.html

If you enable multi-value headers, the load balancer uses both cookies sent by the client and sends you an event that includes headers using multiValueHeaders. For example:

"multiValueHeaders": {
    "cookie": ["name1=value1", "name2=value2"],
    ...
},

If the query parameters are URL-encoded, the load balancer does not decode them. You must decode them in your Lambda function.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant