Allowing disabling percent encoding for some HTTP header fields #529
Comments
zunda-pixel
added
kind/support
|
Hi @zunda-pixel, just to confirm, you're writing a server here, right? You can return a completely arbitrary URL in the response's Location header, can you clarify why you say you can't redirect to a different domain? |
|
Yes, I am writing a server. Base url is keeping...
|
|
Hmm, |
|
This is sample repository that has issue I told. Please check. openapi: '3.1.0'
info:
title: LoginService
version: 1.0.0
servers:
- url: https://example.com/
description: Example service deployment.
paths:
/login:
get:
operationId: login
responses:
'303':
description: A success response Login
headers:
location:
schema:
type: stringimport OpenAPIRuntime
import OpenAPIVapor
import Vapor
struct Handler: APIProtocol {
func login(_ input: Operations.login.Input) async throws -> Operations.login.Output {
return .seeOther(.init(headers: .init(location: "https://apple.com")))
}
}
@main struct LoginServer {
static func main() async throws {
let app = Vapor.Application()
let transport = VaporTransport(routesBuilder: app)
let handler = Handler()
try handler.registerHandlers(on: transport)
try await app.execute()
}
} |
|
Can you clarify what the issue is? The code in the project all looks correct. What are the steps you're taking, what is the result you see, and what is the result you expect? That'll help us understand where the mismatch is. |
Current ResultExpecting Result |
|
Which HTTP client are you using? A web browser? curl? |
|
I use a web browser. |
|
Thank you @zunda-pixel, I was able to isolate the issue. The problem is that OpenAPI-defined headers are serialized according to the rules of RFC6570 (details here), which dictate that non-reserved characters need to be percent encoded. However, in the As a workaround, add a middleware that removes the percent encoding of the Location header: import OpenAPIRuntime
import OpenAPIVapor
import Vapor
import HTTPTypes
struct Handler: APIProtocol {
func login(_ input: Operations.login.Input) async throws -> Operations.login.Output {
return .seeOther(.init(headers: .init(location: "https://apple.com")))
}
}
@main struct LoginServer {
static func main() async throws {
let app = Vapor.Application()
let transport = VaporTransport(routesBuilder: app)
let handler = Handler()
try handler.registerHandlers(on: transport, middlewares: [
UnescapeLocationHeaderMiddleware()
])
try await app.execute()
}
}
struct UnescapeLocationHeaderMiddleware: ServerMiddleware {
func intercept(
_ request: HTTPRequest,
body: HTTPBody?,
metadata: ServerRequestMetadata,
operationID: String,
next: (HTTPRequest, HTTPBody?, ServerRequestMetadata) async throws -> (HTTPResponse, HTTPBody?)
) async throws -> (HTTPResponse, HTTPBody?) {
var (response, responseBody) = try await next(request, body, metadata)
guard let location = response.headerFields[.location] else {
return (response, responseBody)
}
response.headerFields[.location] = location.removingPercentEncoding
return (response, responseBody)
}
}Now, thanks for reporting this. It's a bit troubling, and I suspect we'll need some way to make this more compatible with clients that don't percent-decode header fields. If you don't mind, I'll repurpose this issue to track improving Swift OpenAPI Generator this way and rename it. |
czechboy0
added
area/generator
czechboy0
changed the title
|
Thank you for looking into this issue, and providing a workaround. |
Question
I want to redirect to
domain2.comfromdomain1.com.I can redirect same domain.
ex: from
domain1.com/logintodomain1.com/account.The text was updated successfully, but these errors were encountered: