search

CollaboraOnline / online

Collabora Online is a collaborative online office suite based on LibreOffice technology. This is also the source for the Collabora Office apps for iOS and Android.
https://collaboraonline.com
Other
1.85k stars 701 forks source link

Optional hexification of URLs... #3086

Closed mmeeks closed 3 years ago

mmeeks commented 3 years ago

It appears that some IIS server setups - particularly in Azure infrastructure cannot stop themselves from de-mangling URL components that contain URLs so things like:

GET wss://foo.com/gateway/wopi/client/lool/https%3A%2F%2Fbaa.com%2Fget%2Fwopi%2Fhost%2Ffiles%3Faccess_token%3D1234456/ws

get mashed into:

GET wss://foo.com/gateway/wopi/client/lool/https:/baa.com/get/wopi/host/files?access_token=1234456/ws

Note broken URL, and un-escaping of escaped '/'s. We don't have access to configure such intervening mangling software.

As such - we should provide a configure option in loolwsd.xml - which allows hexification of the URL: ie. we provide:

GET wss://foo.com/gateway/wopi/client/lool/0x68747470733a2f2f6261612e636f6d2f6765742f776f70692f686f73742f66696c65733f6163636573735f746f6b656e3d313233343435362f7773/ws

We should use this instead of URL encoding, so we don't stack too much madness & bloat on top of ourselves.

Thanks.

mmeeks commented 3 years ago

Please see also ticket #3085 and #3084 which should be pre-requisites.

mmeeks commented 3 years ago

See bug #3087 for a follow-on improvement.

Ashod commented 3 years ago

Implemented and merged.

Ashod commented 3 years ago

Merged and released.