StandaloneAhcWSRequest rewrites application/x-www-form-urlencoded requests body, changes ordering of keys

Question

StandaloneAhcWSRequest rewrites application/x-www-form-urlencoded requests body, changes ordering of keys

jjoyce0510 opened this issue a year ago · 1 comments

jjoyce0510 commented a year ago

Are you looking for help?

No, just real issue.

Play WS Version (2.5.x / etc)

I'm on 2.6, but I believe this continues to impact all versions.

API (Scala / Java / Neither / Both)

Java

Operating System (Ubuntu 15.10 / MacOS 10.10 / Windows 10)

N/A

JDK (Oracle 1.8.0_72, OpenJDK 1.8.x, Azul Zing)

11

Expected Behavior

When building the StandaloneAhcWSRequest here, we rewrite the URL form encoded body string using a map. This does not preserve the ordering of keys specified by the user originally, which causes body-based signature verification in a downstream service to fail. Please either a) add a flag to disable this processing or b) Rewrite the body parameters in a way which preserves ordering.

Actual Behavior

I'm using Play to proxy inbound requests on a particular route downstream. The original request comes in with a Raw Body, and I use the bytes directly when creating the downstream request using WSClient. However, the URL encoded content ordering is not preserved when creating the new body. This causes a signature verification to fail in a downstream service. We need this to succeed!

Answer 1 · 2023-09-15T06:24:41.000Z

@jjoyce0510 If you provide a pull request I am happy to review, thanks!