Tomcat 8 is not able to handle get request with ‘|’ in query parameters?

by

This behavior is introduced in all major Tomcat releases:

  • Tomcat 7.0.73, 8.0.39, 8.5.7

To fix, do one of the following:

  • set relaxedQueryChars to allow this character
    (recommended, see Lincoln’s answer)
  • set requestTargetAllow option
    (deprecated in Tomcat 8.5) (see Jérémie’s answer).
  • you can downgrade to one of older versions (not recommended – security)

Based on changelog, those changes could affect this behavior:

Tomcat 8.5.3:

Ensure that requests with HTTP method names that are not tokens (as required by RFC 7231) are rejected with a 400 response

Tomcat 8.5.7:

Add additional checks for valid characters to the HTTP request line parsing so invalid request lines are rejected sooner.

The best option (following the standard) – you want to encode your URL on client:

encodeURI("http://localhost:8080/app/handleResponse?msg=name|id|")
> http://localhost:8080/app/handleResponse?msg=name%7Cid%7C

or just query string:

encodeURIComponent("msg=name|id|")
> msg%3Dname%7Cid%7C

It will secure you from other problematic characters (list of invalid URI characters).

More Related Contents:

  1. Adding external resources to class-path in Tomcat 8
  2. Increase permgen space
  3. Integrating tomcat and eclipse as a hot-deploy environment
  4. Java error: Only a type can be imported. XYZ resolves to a package
  5. Is it possible to disable jsessionid in tomcat servlet?
  6. Where are compiled JSP Java (*__jsp.java) files?
  7. How to tune Tomcat 5.5 JVM Memory settings without using the configuration program
  8. How to configure Tomcat to connect with MySQL
  9. Mapping a specific servlet to be the default servlet in Tomcat
  10. How I save and retrieve an image on my server in a java webapp [duplicate]
  11. Cannot create JDBC driver of class ‘ ‘ for connect URL ‘null’ : I do not understand this exception
  12. JSP – What is wrong with scriptlets, and what to use instead [duplicate]
  13. How to clean up ThreadLocals
  14. Session is lost and created as new in every servlet request
  15. Spring – Injecting a dependency into a ServletContextListener
  16. java.lang.NoClassDefFoundError: javax/servlet/http/HttpServletRequest
  17. IntelliJ and JSP/JSTL cannot resolve taglib for JSTL in tomcat7 [duplicate]
  18. Starting of Tomcat failed from Netbeans
  19. Singleton across JVM or Application instance or Tomcat instance
  20. Where is the “server log” for Tomcat when running externally from IntelliJ Ultimate?
  21. Apache Tomcat Not Showing in Eclipse Server Runtime Environments [duplicate]
  22. Tomcat: How to find out running Tomcat version?
  23. Running a background Java program in Tomcat [duplicate]
  24. How to store a file on a server(web container) through a Java EE web application?
  25. Facebook Connect example in JSP (tomcat)
  26. ExceptionHandler doesn’t work with Throwable
  27. Why tomcat server location property is greyed in Eclipse
  28. Tomcat: hot deploying new jars
  29. Detect the URI encoding automatically in Tomcat
  30. Tomcat: Cache-Control

Leave a Comment