Philip Zampino created KNOX-3180: ------------------------------------ Summary: Improve conditions for applying UrlEncodedFormRequest wrapper Key: KNOX-3180 URL: https://issues.apache.org/jira/browse/KNOX-3180 Project: Apache Knox Issue Type: Improvement Components: Server Reporter: Philip Zampino Assignee: Philip Zampino
The fix for KNOX-3179 introduced some conditional logic in UrlEncodedFormRequest to accommodate params in the request body. It seems the intention of the UrlEncodedFormRequest wrapper is for proxying cases, and only applied based on the "x-www-form-urlencoded" content type. However, when Knox itself is the terminus, and the API includes form data, we end up with an unusual situation. It seems like perhaps we should only be employing UrlEncodedFormRequest when the content type is "x-www-form-urlencoded" AND Knox is proxying. When Knox is providing the API itself, this restriction is not necessary and this extension need not be applied. I think we can modify [the condition for applying the wrapper|https://github.com/apache/knox/blob/e58d5e4a2d10910a298708400ce9afca0690b5b8/gateway-server/src/main/java/org/apache/knox/gateway/GatewayFilter.java#L192] to include a check for the service being requested. Something like {code:java} (UrlEncodedFormRequest.isUrlEncodedForm(servletRequest) && !KNOX_SERVICES.contains(chain.getResourceRole())) ? new UrlEncodedFormRequest((HttpServletRequest) servletRequest) : servletRequest {code} where KNOX_SERVICES is a constant collection of Knox-provided API service roles. -- This message was sent by Atlassian Jira (v8.20.10#820010)