Open rahul7720 opened 1 year ago
I resolved this issue with a temporary workaround using a custom batch handler. But the issue needs to be fixed in the core library.
public class CustomODataBatchHandler : DefaultODataBatchHandler
{
public async override Task<IList<ODataBatchRequestItem>> ParseBatchRequestsAsync(HttpContext context)
{
var requests = await base.ParseBatchRequestsAsync(context);
try
{
foreach (var requestItem in requests)
{
if (requestItem is OperationRequestItem)
{
var httpRequest = ((OperationRequestItem)requestItem).Context.Request;
httpRequest.Path = Uri.UnescapeDataString(httpRequest.Path);
}
}
}
catch (Exception ex)
{
//handle exceptions
}
return requests;
}
}
We should update our logic to start parsing the URLs in the batch request body at the same layer that we start decoding the URLs so that the behavior is consistent for batch requests.
According to the standard, URLs should be percent encoded in batch requests:
URLs must be correctly percent-encoded. For relative URLs this means that colons in the path part, especially within key values, MUST be percent-encoded to avoid confusion with the scheme separator. Colons within the query part, i.e. after the question mark character (?), need not be percent-encoded.
It seems like there might be some related ODL issue, I will create an issue for that if it's discovered during the investigation.
We should update our logic to start parsing the URLs in the batch request body at the same layer that we start decoding the URLs so that the behavior is consistent for batch requests.
According to the standard, URLs should be percent encoded in batch requests:
URLs must be correctly percent-encoded. For relative URLs this means that colons in the path part, especially within key values, MUST be percent-encoded to avoid confusion with the scheme separator. Colons within the query part, i.e. after the question mark character (?), need not be percent-encoded.
It seems like there might be some related ODL issue, I will create an issue for that if it's discovered during the investigation.
The encoded URLs are generated by the odata.net library. May be this issue can be related: https://github.com/OData/odata.net/issues/2292
Assemblies affected ASP.NET Core OData 8.x
Describe the bug When using multipart/mixed batch requests, with encoded URL in the batch request body (i.e., ' is encoded to %27). However, this causes an Internal Server Error (HTTP 500) in ASP.NET Core 7 OData, which seems unable to correctly decode these URLs in the batch request body.
Reproduce steps
../products(%27someid%27)
).Request/Response Request
Response
Expected behavior
Additional context It seems the URL encoding issue only arises when special characters are present in the URLs within the batch request body. Single requests work as expected, and batch requests without special characters in the URLs also work as expected.