When we use fully_escape to make Resource IDs URL safe, we don't currently escape the period (.) character. This can lead to resource URLs resulting in a 404 response from the Conjur API because it parses the period as an extension (.json) instead of part of the URL path.
Problem Description
When we use
fully_escape
to make Resource IDs URL safe, we don't currently escape the period (.
) character. This can lead to resource URLs resulting in a 404 response from the Conjur API because it parses the period as an extension (.json
) instead of part of the URL path.Example for user with ID
my.user
:Expected Outcome:
Periods should be escaped with the sequence
%2E
. With this substitution the request above is correctly routed and handled: