You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@olingo.apache.org by "Christian Amend (JIRA)" <ji...@apache.org> on 2018/01/03 12:11:00 UTC

[jira] [Resolved] (OLINGO-1220) Bad request (error 400) for entries with slash or backslash character in string literal of key predicate

     [ https://issues.apache.org/jira/browse/OLINGO-1220?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Christian Amend resolved OLINGO-1220.
-------------------------------------
    Resolution: Information Provided
      Assignee: Christian Amend

Hi Michele,

the Olingo library does not block this. This is usually done by the runtime environment e.g. Apache Tomcat as a security measure. You can check this by looking at the response body. If you see an empty response body the request does not even reach the Olingo servlet. If you get back an OData Error Document then there is a bug in the library. In this case we would need a stacktrace tif possible to troubleshoot the issue.

Here is a stackoverflow answer for Apache Tomcat: https://stackoverflow.com/questions/9719224/coding-forward-and-backward-slashes-in-tomcat-7

Best Regards,
Christian

> Bad request (error 400) for entries with slash or backslash character in string literal of key predicate
> --------------------------------------------------------------------------------------------------------
>
>                 Key: OLINGO-1220
>                 URL: https://issues.apache.org/jira/browse/OLINGO-1220
>             Project: Olingo
>          Issue Type: Bug
>          Components: odata2-core
>    Affects Versions: V2 2.0.9, V2 2.0.10
>            Reporter: M Carissimi
>            Assignee: Christian Amend
>            Priority: Critical
>
> Hello,
> our OData service implemented with Olingo 2.0.x refuses to accept requests for entries where the string literal of a key predicate contains the slash (/) or backslash (\) characters. In both cases encoding the slash or backslash character with the corresponding code (%2F and %5C respectively) does not resolve the issue. In all cases an error 400 is returned by Olingo
> These are some example of failing URLs:
> https://<servername>/odata/WELL('Alice-09-d%2Fe')
> https://<servername>/odata/WELL('Alice-12-k%5Cm')
> Can you please investigate this issue and let me know if there's anything we can do in our code to prevent it from happening?
> Regards
> Michele



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)