Zuul proxy rewrites POST body for x-www-form-urlencoded Content-Type

[the-fine]

With Zuul proxy, POST body of a x-www-form-urlencoded Content-Type the url encoded characters changed from lowercase to upper case

For example: The following curl request to the zuul instance curl -X POST -H "Content-Type: application/x-www-form-urlencoded" -d 'c_date=08%2f16%2f2016+08%3a36%3a09.258' "http://localhost"

Is proxied and received with the following body: c_date=08%2F16%2F2016+08%3A36%3A09.258

Tried both with org.springframework.cloud:spring-cloud-starter-parent:Brixton.SR4 version and with org.springframework.cloud:spring-cloud-netflix:1.2.0.BUILD-SNAPSHOT.

Also tried to configure RibbonCommandFactory to HttpClientRibbonCommandFactory but still get the same result.

Thanks!

[jebeaudet]

That's because the request is decoded in the proxy and reencoded in FormBodyWrapperFilter (the buildContentData() method more precisely).

I'm curious as to why this is a problem? I believe percentage encoding should not be case sensitive per this rfc https://tools.ietf.org/html/rfc3986#section-2.1.

[the-fine]

We receive webhooks from a 3rd party, after receiving the POST request we need to verify the authenticity of it by sending the exact body to a verification url. Any way to proxy the request as is?

[jebeaudet]

I guess your verification endpoint should only check the decoded output? This way you're not sensitive to these kind of issues.

As of today, there is no easy way to do this. The only was I see is to disable the FormBodyWrapperFilter by setting the key zuul.FormBodyWrapperFilter.pre.disable to true in Archaius and by coding your own filter that doesn't decode/encode the form params (I'm not sure there is an easy way to fetch those in HttpServletRequest, I might be wrong though).

[spencergibb]

Closing with a 👍 to @jebeaudet comments.