Issue with Redirect / RedirectPermanent with special characters

Question

Issue with Redirect / RedirectPermanent with special characters

Tratcher opened this issue 8 years ago · 4 comments

From @JeanCollas on July 18, 2017 12:15

I think it was not an issue before my upgrade of .NetCore version. It might also just be a parameter issue.

I have some URL that redirect to URL with special characters, that throws an exception on handling.

After checking the Headers, it appears that the "Referer" header has the URL of redirection, and it contains these special characters.
Shouldn't it be either encoded, either do not throw exception?
Is it something I should handle manually or a "bug"?

An exemple of header:

Referer: https://mysite.com/Account/ExternalLoginConfirmation?returnurl=/City/København-DK

Below a StackTrace:

System.InvalidOperationException: Invalid non-ASCII or control character in header: 0x00F8 
at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.FrameHeaders.ThrowInvalidHeaderCharacter(Char ch) 
at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.FrameHeaders.ValidateHeaderCharacters(String headerCharacters) 
at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.FrameHeaders.ValidateHeaderCharacters(StringValues headerValues) 
at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.FrameResponseHeaders.SetValueFast(String key, StringValues value) 
at Microsoft.AspNetCore.Server.Kestrel.Internal.Http.FrameHeaders.Microsoft.AspNetCore.Http.IHeaderDictionary.set_Item(String key, StringValues value) 
at Microsoft.AspNetCore.Http.Internal.DefaultHttpResponse.Redirect(String location, Boolean permanent) 
at Microsoft.AspNetCore.Mvc.ActionResult.ExecuteResultAsync(ActionContext context) 
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.d__30.MoveNext() 
--- End of stack trace from previous location where exception was thrown --- 
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() 
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) 
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.d__28.MoveNext() 
--- End of stack trace from previous location where exception was thrown --- 
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() 
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Rethrow(ResultExecutedContext context) 
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted) 
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.d__22.MoveNext() 
--- End of stack trace from previous location where exception was thrown --- 
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() 
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Rethrow(ResourceExecutedContext context) 
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.Next(State& next, Scope& scope, Object& state, Boolean& isCompleted) 
at Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker.d__20.MoveNext() 
--- End of stack trace from previous location where exception was thrown --- 
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() 
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) 
at Microsoft.AspNetCore.Builder.RouterMiddleware.d__4.MoveNext() 
--- End of stack trace from previous location where exception was thrown --- 
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() 
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) 
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.d__18.MoveNext() 
--- End of stack trace from previous location where exception was thrown --- 
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() 
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.d__18.MoveNext() 
--- End of stack trace from previous location where exception was thrown --- 
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() 
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) 
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.d__18.MoveNext() 
--- End of stack trace from previous location where exception was thrown --- 
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() 
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.d__18.MoveNext() 
--- End of stack trace from previous location where exception was thrown --- 
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() 
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) 
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.d__18.MoveNext() 
--- End of stack trace from previous location where exception was thrown --- 
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() 
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.d__18.MoveNext() 
--- End of stack trace from previous location where exception was thrown --- 
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() 
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) 
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.d__18.MoveNext() 
--- End of stack trace from previous location where exception was thrown --- 
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() 
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.d__18.MoveNext() 
--- End of stack trace from previous location where exception was thrown --- 
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() 
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) 
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.d__18.MoveNext() 
--- End of stack trace from previous location where exception was thrown --- 
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() 
at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware`1.d__18.MoveNext() 
--- End of stack trace from previous location where exception was thrown --- 
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() 
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) 
at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.d__4.MoveNext() 
--- End of stack trace from previous location where exception was thrown --- 
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw() 
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task) 
at [My middleware "_next" call]

Copied from original issue: dotnet/aspnetcore#2106

Answer 1 · 2017-07-18T21:32:42.000Z

Response.Redirect expects the given value to already be encoded. How are you generating the redirect url value? There are a number of tools to help you generate an encoded url (e.g. HostString, PathString, QueryString, UriHelper, etc..).

Do you mean that you took the redirect value from the Referer header?

Answer 2 · 2017-07-18T21:32:42.000Z

From @JeanCollas on July 18, 2017 21:29

Ok, if this is by design, it would be nice that it would appear in the comments of the method.
Indeed it works fine when the url is encoded, but if it would have been easier if the method did it itself :) (=encode if required) as it is not an URL issue, but header limitation issue.
I have no idea how it behaves for non-latin languages.

Answer 3 · 2017-07-18T21:33:37.000Z

Indeed, the doc comment should specify the required format/encoding.

Answer 4 · 2017-10-30T17:35:26.000Z

This is by design. @Tratcher will be adding a doc comment clarifying the behavior.