-
Notifications
You must be signed in to change notification settings - Fork 89
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allowing disabling percent encoding for some HTTP header fields #529
Comments
Hi @zunda-pixel, just to confirm, you're writing a server here, right? You can return a completely arbitrary URL in the response's Location header, can you clarify why you say you can't redirect to a different domain? |
Yes, I am writing a server. Base url is keeping...
|
Hmm, |
This is sample repository that has issue I told. Please check. openapi: '3.1.0'
info:
title: LoginService
version: 1.0.0
servers:
- url: https://example.com/
description: Example service deployment.
paths:
/login:
get:
operationId: login
responses:
'303':
description: A success response Login
headers:
location:
schema:
type: string import OpenAPIRuntime
import OpenAPIVapor
import Vapor
struct Handler: APIProtocol {
func login(_ input: Operations.login.Input) async throws -> Operations.login.Output {
return .seeOther(.init(headers: .init(location: "https://apple.com")))
}
}
@main struct LoginServer {
static func main() async throws {
let app = Vapor.Application()
let transport = VaporTransport(routesBuilder: app)
let handler = Handler()
try handler.registerHandlers(on: transport)
try await app.execute()
}
} |
Can you clarify what the issue is? The code in the project all looks correct. What are the steps you're taking, what is the result you see, and what is the result you expect? That'll help us understand where the mismatch is. |
Current ResultExpecting Result |
Which HTTP client are you using? A web browser? curl? |
I use a web browser. |
Thank you @zunda-pixel, I was able to isolate the issue. The problem is that OpenAPI-defined headers are serialized according to the rules of RFC6570 (details here), which dictate that non-reserved characters need to be percent encoded. However, in the As a workaround, add a middleware that removes the percent encoding of the Location header: import OpenAPIRuntime
import OpenAPIVapor
import Vapor
import HTTPTypes
struct Handler: APIProtocol {
func login(_ input: Operations.login.Input) async throws -> Operations.login.Output {
return .seeOther(.init(headers: .init(location: "https://apple.com")))
}
}
@main struct LoginServer {
static func main() async throws {
let app = Vapor.Application()
let transport = VaporTransport(routesBuilder: app)
let handler = Handler()
try handler.registerHandlers(on: transport, middlewares: [
UnescapeLocationHeaderMiddleware()
])
try await app.execute()
}
}
struct UnescapeLocationHeaderMiddleware: ServerMiddleware {
func intercept(
_ request: HTTPRequest,
body: HTTPBody?,
metadata: ServerRequestMetadata,
operationID: String,
next: (HTTPRequest, HTTPBody?, ServerRequestMetadata) async throws -> (HTTPResponse, HTTPBody?)
) async throws -> (HTTPResponse, HTTPBody?) {
var (response, responseBody) = try await next(request, body, metadata)
guard let location = response.headerFields[.location] else {
return (response, responseBody)
}
response.headerFields[.location] = location.removingPercentEncoding
return (response, responseBody)
}
} Now, thanks for reporting this. It's a bit troubling, and I suspect we'll need some way to make this more compatible with clients that don't percent-decode header fields. If you don't mind, I'll repurpose this issue to track improving Swift OpenAPI Generator this way and rename it. |
Thank you for looking into this issue, and providing a workaround. |
Question
I want to redirect to
domain2.com
fromdomain1.com
.I can redirect same domain.
ex: from
domain1.com/login
todomain1.com/account
.The text was updated successfully, but these errors were encountered: