We have a web application calling APIs via WSO2 APIM. We have an API that GETs an object by ID. So the URL is something like /{id}. This works fine if the ID is just normal characters, but we have cases where the ID includes an @ symbol. So it calls something like . The underlying API is fine about this - if I call the back-end service directly it works. But the APIM returns 404 Not Found! Tried both with the URL-encoded A%40B and the raw A@B and both behave the same. The response is from the APIM, nothing is reaching the actual service. It is a GET so there is no Content-Type header, but it's the actual URL, not the body, that is the problem and URLs are always URL-encoded.
Why does WSO2 not like the special characters? They are URL-encoded so should be treated as just part of the data string. Is there any way around this, like a config I can change to make it work?
(As it's a web application it does the CORS pre-flight requests. So, it does an OPTIONS request to the gateway, for the URL it intends to call, before making the actual call. This also gives 404 so the web application treats it as a CORS error. However, if I make the call myself it give me 404 for both the GET and OPTIONS)
More Details to Reproduce
I have tested using a simple example API that I defined using the Publisher within WSO2 and pointing at a webhook site that just returns "OK".
My API just defines a single endpoint: GET /code/{code} My full API Definition is
openapi: 3.0.1
info:
title: SpecialCharTest
version: v1
servers:
- url: /
security:
- default: []
paths:
'/code/{code}':
get:
parameters:
- name: code
in: path
required: true
style: simple
explode: false
schema:
type: string
responses:
'200':
description: OK
security:
- default: []
x-auth-type: Application & Application User
x-throttling-tier: Unlimited
x-wso2-application-security:
security-types:
- oauth2
optional: false
components:
securitySchemes:
default:
type: oauth2
flows:
implicit:
authorizationUrl: ''
scopes: {}
x-wso2-auth-header: Authorization
x-wso2-cors:
corsConfigurationEnabled: false
accessControlAllowOrigins:
- '*'
accessControlAllowCredentials: false
accessControlAllowHeaders:
- authorization
- Access-Control-Allow-Origin
- Content-Type
- SOAPAction
- apikey
- Internal-Key
- X-Carus-Sales-Channel-Code
- X-Carus-Terminal-Code
- X-Carus-APISYS
- X-Carus-Auth
- X-Carus-Device-Secret
- X-Carus-RenderNullFields
accessControlAllowMethods:
- GET
- PUT
- POST
- DELETE
- PATCH
- OPTIONS
x-wso2-production-endpoints:
urls:
- '/55c35a77-2554-4d6c-a5e2-83298dd6bc70'
type: http
x-wso2-sandbox-endpoints:
urls:
- '/55c35a77-2554-4d6c-a5e2-83298dd6bc70'
type: http
x-wso2-basePath: /specialchartest/v1
x-wso2-transports:
- http
- https
x-wso2-response-cache:
enabled: false
cacheTimeoutInSeconds: 300
I point this at /55c35a77-2554-4d6c-a5e2-83298dd6bc70 as a back-end. I have configured this to just return code 200 and the body "OK" to all requests. I configure it in WSO2 with context /specialchartest and version v1
Calling via the gateway for a code without special characters works fine (I changed the domain to example in the below, in reality I used my internal domain running WSO2 APIM)
$ curl -X GET -H "Authorization: Bearer $TOKEN"
OK
Calling the back-end directly gives the same
$ curl -X GET /55c35a77-2554-4d6c-a5e2-83298dd6bc70/code/FOOABAR
OK
If I change the code from FOOABAR to FOO@BAR (and URL-encode it to FOO%40BAR) then calling the back-end still works
$ curl -X GET /55c35a77-2554-4d6c-a5e2-83298dd6bc70/code/FOO%40BAR
OK
However, calling via the WSO2 APIM is now 404
$ curl -X GET -H "Authorization: Bearer $TOKEN"
{"code":"404","type":"Status report","message":"Runtime Error","description":"No matching resource found for given API Request"}
I am running version 4.2.0 of WSO2 APIM
发布者:admin,转转请注明出处:http://www.yc00.com/questions/1744919577a4601048.html
评论列表(0条)