Query string parameter getting duplicated in downstream path #1174

sunilk3 · 2020-03-29T17:16:33Z

Expected Behavior

Query string parameter should not duplicate.

Upstream Request: contracts?projectNumber=45&startDate=2019-12-12&endDate=2019-12-12
Downstream Request: api/contracts?projectNumber=45&startDate=2019-12-12&endDate=2019-12-12

Upstream Request: contracts?$filter=ProjectNumber eq 45 and DateOfSale ge 2020-03-01T00:00:00z and DateOfSale le 2020-03-15T00:00:00z
Downstream Request: api/contracts?$filter=ProjectNumber eq 45 and DateOfSale ge 2020-03-01T00:00:00z and DateOfSale le 2020-03-15T00:00:00z

Actual Behavior

Query string parameter is duplicated. This works fine with web api endpoints even if query string parameter gets duplicated but fails on OData endpoints.

Upstream Request: contracts?projectNumber=45&startDate=2019-12-12&endDate=2019-12-12
Downstream Request: api/contracts?projectNumber=45&startDate=2019-12-12&endDate=2019-12-12&projectNumber=45

Upstream Request: contracts?$filter=ProjectNumber eq 45 and DateOfSale ge 2020-03-01T00:00:00z and DateOfSale le 2020-03-15T00:00:00z
Downstream Request: api/contracts?$filter=ProjectNumber eq 45 and DateOfSale ge 2020-03-01T00:00:00z and DateOfSale le 2020-03-15T00:00:00z&$filter=ProjectNumber eq 45 and DateOfSale ge 2020-03-01T00:00:00z and DateOfSale le 2020-03-15T00:00:00z

Please see console log below

info: Ocelot.RateLimit.Middleware.ClientRateLimitMiddleware[0]
      requestId: 0HLUK013URU17:00000001, previousRequestId: no previous request id, message: EndpointRateLimiting is not enabled for /api/contracts?{everythingelse}
info: Ocelot.Authentication.Middleware.AuthenticationMiddleware[0]
      requestId: 0HLUK013URU17:00000001, previousRequestId: no previous request id, message: No authentication needed for /contracts
info: Ocelot.Authorisation.Middleware.AuthorisationMiddleware[0]
      requestId: 0HLUK013URU17:00000001, previousRequestId: no previous request id, message: /api/contracts?{everythingelse} route does not require user to be authorised
info: Ocelot.Requester.Middleware.HttpRequesterMiddleware[0]
      requestId: 0HLUK013URU17:00000001, previousRequestId: no previous request id, message: 200 (OK) status code, request uri: http://localhost:45626/api/contracts?**projectNumber=45**&startDate=2019-12-12&endDate=2019-12-12**&projectNumber=45**
info: Ocelot.RateLimit.Middleware.ClientRateLimitMiddleware[0]
      requestId: 0HLUK013URU18:00000001, previousRequestId: no previous request id, message: EndpointRateLimiting is not enabled for /api/contracts?{everythingelse}
info: Ocelot.Authentication.Middleware.AuthenticationMiddleware[0]
      requestId: 0HLUK013URU18:00000001, previousRequestId: no previous request id, message: No authentication needed for /contracts
info: Ocelot.Authorisation.Middleware.AuthorisationMiddleware[0]
      requestId: 0HLUK013URU18:00000001, previousRequestId: no previous request id, message: /api/contracts?{everythingelse} route does not require user to be authorised
warn: Ocelot.Requester.Middleware.HttpRequesterMiddleware[0]
      requestId: 0HLUK013URU18:00000001, previousRequestId: no previous request id, message: 404 (Not Found) status code, request uri: http://localhost:45626/api/contracts?**$filter=ProjectNumber eq 45 and DateOfSale ge 2020-03-01T00:00:00z and DateOfSale le 2020-03-15T00:00:00z**&$**filter=ProjectNumber eq 45 and DateOfSale ge 2020-03-01T00:00:00z and DateOfSale le 2020-03-15T00:00:00z**

Steps to Reproduce the Problem

Create an api controller with two actions, one normal web api and other one as OData.
Define Reroute as below

{ 
      "DownstreamPathTemplate": "/api/contracts?{everythingelse}",
      "DownstreamScheme": "http",
      "DownstreamHostAndPorts": [
        {
          "Host": "localhost",
          "Port": 45626
        }
      ],
      "UpstreamPathTemplate": "/contracts?{everythingelse}",
      "UpstreamHttpMethod": [ "Get" ]
}

Fire get request on OData endpoint with $filter query string parameter and it return 404 not found while directly hitting same endpoint by removing duplicate query string it works fine.

Specifications

Version: 14.1.0
Platform: .NET Core 3.1 on Windows

More Details

While debugging I found following code block in DownstreamUrlCreatorMiddleware is causing query string duplication.

  if (string.IsNullOrEmpty(context.DownstreamRequest.Query))
  {
       context.DownstreamRequest.Query = GetQueryString(dsPath);
  }
  else
  {
      context.DownstreamRequest.Query += GetQueryString(dsPath).Replace('?', '&');
  }

Removing this code block solved the problem but i don't know what other negative impact it would cause.

The text was updated successfully, but these errors were encountered:

wast · 2020-04-01T18:47:35Z

@TomPallister what is the purpose of this line exactly?
context.DownstreamRequest.Query += GetQueryString(dsPath).Replace('?', '&');

I feel like RemoveQueryStringParametersThatHaveBeenUsedInTemplate(context); should also be called to remove duplication.

Also duplicate of #952

sunilk3 · 2020-04-02T16:29:10Z

@wast Removing this causes the following unit test to fail but resolves the issue I am facing.

DownstreamUrlCreatorMiddlewareTests.issue_473_should_not_remove_additional_query_string

sunilk3 · 2020-04-20T19:27:34Z

Using DelegatingHandler I was able to workaround this problem.

@RaynaldM

* Fix issue #952 and #1174 * Fix compiling errors * Fix warnings * Fix errors * Remove and Sort Usings * CA1845 Use span-based 'string.Concat' and 'AsSpan' instead of 'Substring'. Use 'AsSpan' with 'string.Concat' * IDE1006 Naming rule violation: These words must begin with upper case characters: {should_*}. Fix name violation * Add namespace * Fix build errors * Test class should match the name of tested class * Simplify too long class names, and they should match * Move to the parent folder which was empty * Fix warnings * Process dictionaries using LINQ to Objects approach * Fix code review issues from @RaynaldM * Remove tiny private helper with one reference * Fix warning & messages * Define theory instead of 2 facts * Add unit test for issue #952 * Add additional unit test for #952 to keep param * Add tests for issue #1174 * Remove unnecessary parameter * Copy routing.rst from released version * Refactor the middleware body for query params * Update routing.rst: Describe query string user scenarios --------- Co-authored-by: Stjepan Majdak <[email protected]> Co-authored-by: raman-m <[email protected]>

@RaynaldM

…ate values (ThreeMammals#1182) * Fix issue ThreeMammals#952 and ThreeMammals#1174 * Fix compiling errors * Fix warnings * Fix errors * Remove and Sort Usings * CA1845 Use span-based 'string.Concat' and 'AsSpan' instead of 'Substring'. Use 'AsSpan' with 'string.Concat' * IDE1006 Naming rule violation: These words must begin with upper case characters: {should_*}. Fix name violation * Add namespace * Fix build errors * Test class should match the name of tested class * Simplify too long class names, and they should match * Move to the parent folder which was empty * Fix warnings * Process dictionaries using LINQ to Objects approach * Fix code review issues from @RaynaldM * Remove tiny private helper with one reference * Fix warning & messages * Define theory instead of 2 facts * Add unit test for issue ThreeMammals#952 * Add additional unit test for ThreeMammals#952 to keep param * Add tests for issue ThreeMammals#1174 * Remove unnecessary parameter * Copy routing.rst from released version * Refactor the middleware body for query params * Update routing.rst: Describe query string user scenarios --------- Co-authored-by: Stjepan Majdak <[email protected]> Co-authored-by: raman-m <[email protected]>

@EngRajabi

* #1712 Bump to Polly 8.0 (#1714) * #1712 Migrate to Polly 8.0 * code review post merge * post PR * #1712 Migrate to Polly 8.0 * code review post merge * Update src/Ocelot.Provider.Polly/PollyQoSProvider.cs Co-authored-by: Raman Maksimchuk <[email protected]> * namespaces * Refactor QoS provider * Refactor AddPolly extension * Remove single quote because semicolon ends sentence --------- Co-authored-by: Ray <[email protected]> Co-authored-by: Raman Maksimchuk <[email protected]> * Cache by header value: a new Header property in (File)CacheOptions configuration of a route (#1172) @EngRajabi, Mohsen Rajabi (7): add header to file cache option fix private set fix <none> <none> fix build fail fix: fix review comment. add unit test for change @raman-m, Raman Maksimchuk (1): Update caching.rst @raman-m (7): Fix errors Fix errors Fix styling warnings Refactor tests Add Delimiter Refactor generator Add unit tests * Find available port in integration tests (#1173) * use random ports in integration tests * Remove and Sort Usings * Code modern look * code review * code review: fix messages * code review: fix some messages * code review: Use simple `using` statement * Add Ocelot.Testing project --------- Co-authored-by: raman-m <[email protected]> * #952 #1174 Merge query strings without duplicate values (#1182) * Fix issue #952 and #1174 * Fix compiling errors * Fix warnings * Fix errors * Remove and Sort Usings * CA1845 Use span-based 'string.Concat' and 'AsSpan' instead of 'Substring'. Use 'AsSpan' with 'string.Concat' * IDE1006 Naming rule violation: These words must begin with upper case characters: {should_*}. Fix name violation * Add namespace * Fix build errors * Test class should match the name of tested class * Simplify too long class names, and they should match * Move to the parent folder which was empty * Fix warnings * Process dictionaries using LINQ to Objects approach * Fix code review issues from @RaynaldM * Remove tiny private helper with one reference * Fix warning & messages * Define theory instead of 2 facts * Add unit test for issue #952 * Add additional unit test for #952 to keep param * Add tests for issue #1174 * Remove unnecessary parameter * Copy routing.rst from released version * Refactor the middleware body for query params * Update routing.rst: Describe query string user scenarios --------- Co-authored-by: Stjepan Majdak <[email protected]> Co-authored-by: raman-m <[email protected]> * #1550 #1706 Addressing the QoS options ExceptionsAllowedBeforeBreaking issue (#1753) * When using the QoS option "ExceptionsAllowedBeforeBreaking" the circuit breaker never opens the circuit. * merge issue, PortFinder * some code improvements, using httpresponsemessage status codes as a base for circuit breaker * Adding more unit tests, and trying to mitigate the test issues with the method "GivenThereIsAPossiblyBrokenServiceRunningOn" * fixing some test issues * setting timeout value to 5000 to avoid side effects * again timing issues * timing issues again * ok, first one ok * Revert "ok, first one ok" This reverts commit 2e4a673. * inline method * putting back logging for http request exception * removing logger configuration, back to default * adding a bit more tests to check the policy wrap * Removing TimeoutStrategy from parameters, it's set by default to pessimistic, at least one policy will be returned, so using First() in circuit breaker and removing the branch Policy == null from delegating handler. * Fix StyleCop warnings * Format parameters * Sort usings * since we might have two policies wrapped, timeout and circuit breaker, we can't use the name CircuitBreaker for polly qos provider, it's not right. Using PollyPolicyWrapper and AsnycPollyPolicy instead. * modifying circuit breaker delegating handler name, usin Polly policies instead * renaming CircuitBreakerFactory to PolicyWrapperFactory in tests * DRY for FileConfiguration, using FileConfigurationFactory * Add copy constructor * Refactor setup * Use expression body for method * Fix acceptance test * IDE1006 Naming rule violation: These words must begin with upper case characters * CA1816 Change ReturnsErrorTests.Dispose() to call GC.SuppressFinalize(object) * Sort usings * Use expression body for method * Return back named arguments --------- Co-authored-by: raman-m <[email protected]> * #1179 Add missing documentation for Secured WebSocket #1180 * Add "WebSocket Secure" and "SSL Errors" sections (#1180) Co-authored-by: raman-m <[email protected]> * Resolve issues with projects after auto-merging. Format Document * #1744 Avoid calls to 'Logger.Log' if LogLevel not enabled in appsettings.json (#1745) * changing string parameter for IOcelotLogger function to Func<string>, modifying asp dot net logger, only one main method and verifying if LogLevel is enabled. If log level isn't enabled, then return. pick 847dac7 changing string parameter for IOcelotLogger function to Func<string>, modifying asp dot net logger, only one main method and verifying if LogLevel is enabled. If log level isn't enabled, then return. pick d7a8397 adding back the logger methods with string as parameter, avoiding calling the factory when plain string are used. pick d413201 simplify method calls * adding back the logger methods with string as parameter, avoiding calling the factory when plain string are used. * simplify method calls * adding unit test case, If minimum log level not set then no logs are written * adding logging benchmark * code cleanup in steps and naming issues fixes pick c4f6dc9 adding loglevel acceptance tests, verifying that the logs are returned according to the minimum log level set in appsettings pick 478f139 enhanced unit tests, verifying 1) that the log method is only called when log level enabled 2) that the string function is only invoked when log level enabled * adding loglevel acceptance tests, verifying that the logs are returned according to the minimum log level set in appsettings * enhanced unit tests, verifying 1) that the log method is only called when log level enabled 2) that the string function is only invoked when log level enabled * weird issue with the merge. * adding comment * Update src/Ocelot/ServiceDiscovery/ServiceDiscoveryProviderFactory.cs Co-authored-by: Raman Maksimchuk <[email protected]> * Update src/Ocelot/Claims/Middleware/ClaimsToClaimsMiddleware.cs Co-authored-by: Raman Maksimchuk <[email protected]> * Update src/Ocelot/Configuration/Repository/FileConfigurationPoller.cs Co-authored-by: Raman Maksimchuk <[email protected]> * Update src/Ocelot/DownstreamRouteFinder/Finder/DownstreamRouteProviderFactory.cs Co-authored-by: Raman Maksimchuk <[email protected]> * Update src/Ocelot/Logging/AspDotNetLogger.cs Co-authored-by: Raman Maksimchuk <[email protected]> * Update test/Ocelot.AcceptanceTests/LogLevelTests.cs Co-authored-by: Raman Maksimchuk <[email protected]> * Update src/Ocelot/Configuration/Repository/FileConfigurationPoller.cs Co-authored-by: Raman Maksimchuk <[email protected]> * As mentioned, using OcelotLogger instead of AspDotNeLogger as default logger name * Some code refactoring and usage of factories in LogLevelTests * Update src/Ocelot/Claims/Middleware/ClaimsToClaimsMiddleware.cs Co-authored-by: Raman Maksimchuk <[email protected]> * using overrided method WriteLog for strings, some changes as requested, * code changes after review 2 pick ad0e060 Update test/Ocelot.UnitTests/Middleware/OcelotPiplineBuilderTests.cs * checking test cases * adding ms logger benchmarks with console provider. Unfortunately, benchmark.net doesn't support "quiet" mode yet. * 2 small adjustments * Adding multi targets support for serilog * Fix warnings * Review new logger * Fix unit tests * The last change but not least * Update logging.rst: Add draft * Update logging.rst: Add RequestId section * Update logging.rst: "Best Practices" section * Update logging.rst: "Top Logging Performance?" subsection * Update logging.rst: Rewrite "Request ID" section * Update requestid.rst: Review and up to date * Update logging.rst: "Run Benchmarks" section --------- Co-authored-by: Raman Maksimchuk <[email protected]> * #1783 Less logs for circuit breakers (Polly exceptions) (#1786) * #1783 More accurate logs for circuit breakers (and other "polly" exceptions) Remove try/catch in PollyPoliciesDelegatingHandler and add a more generic AddPolly<T> to be able to use a specific PollyQoSProvider * fix should_be_invalid_re_route_using_downstream_http_version UT * fix remarks on PR * arrange code * fix UT * merge with release/net8 branch * switch benchmark to Net8 * Fix warnings * Final review --------- Co-authored-by: Ray <[email protected]> Co-authored-by: raman-m <[email protected]> * Revert #1172 feature (#1807) * Revert #1172 * Remove Header * Take actual version of caching.rst and remove Header info * Release 22.0 | +semver: breaking --------- Co-authored-by: Raynald Messié <[email protected]> Co-authored-by: Ray <[email protected]> Co-authored-by: Mohsen Rajabi <[email protected]> Co-authored-by: jlukawska <[email protected]> Co-authored-by: Stjepan <[email protected]> Co-authored-by: Stjepan Majdak <[email protected]> Co-authored-by: Guillaume Gnaegi <[email protected]> Co-authored-by: Samuel Poirier <[email protected]>

wast added a commit to wast/Ocelot that referenced this issue Apr 6, 2020

Fix issue ThreeMammals#952 and ThreeMammals#1174

d47fb63

wast mentioned this issue Apr 6, 2020

#952 #1174 Merge query strings without duplicate values #1182

Merged

raman-m pushed a commit to wast/Ocelot that referenced this issue Jul 26, 2023

Fix issue ThreeMammals#952 and ThreeMammals#1174

8787956

raman-m pushed a commit to wast/Ocelot that referenced this issue Oct 12, 2023

Fix issue ThreeMammals#952 and ThreeMammals#1174

88b651b

raman-m pushed a commit to wast/Ocelot that referenced this issue Oct 26, 2023

Fix issue ThreeMammals#952 and ThreeMammals#1174

b48247d

raman-m pushed a commit to wast/Ocelot that referenced this issue Oct 27, 2023

Fix issue ThreeMammals#952 and ThreeMammals#1174

30d105c

raman-m assigned wast Oct 29, 2023

raman-m added bug Identified as a potential bug accepted Bug or feature would be accepted as a PR or is being worked on labels Oct 29, 2023

raman-m added a commit to wast/Ocelot that referenced this issue Oct 31, 2023

Add tests for issue ThreeMammals#1174

d61c17e

raman-m closed this as completed in #1182 Nov 1, 2023

raman-m added merged Issue has been merged to dev and is waiting for the next release and removed accepted Bug or feature would be accepted as a PR or is being worked on labels Nov 1, 2023

raman-m added the Oct'23 label Nov 10, 2023

raman-m added this to the October'23 milestone Nov 18, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Query string parameter getting duplicated in downstream path #1174

Query string parameter getting duplicated in downstream path #1174

sunilk3 commented Mar 29, 2020 •

edited by raman-m

Loading

wast commented Apr 1, 2020 •

edited

Loading

sunilk3 commented Apr 2, 2020

sunilk3 commented Apr 20, 2020

Query string parameter getting duplicated in downstream path #1174

Query string parameter getting duplicated in downstream path #1174

Comments

sunilk3 commented Mar 29, 2020 • edited by raman-m Loading

Expected Behavior

Actual Behavior

Steps to Reproduce the Problem

Specifications

More Details

wast commented Apr 1, 2020 • edited Loading

sunilk3 commented Apr 2, 2020

sunilk3 commented Apr 20, 2020

sunilk3 commented Mar 29, 2020 •

edited by raman-m

Loading

wast commented Apr 1, 2020 •

edited

Loading