Having a `:` or `@` in a route does not work by arthurdarcet · Pull Request #1552 · aio-libs/aiohttp

arthurdarcet · 2017-01-23T13:33:21Z

The URL escaping done for the request urls and in the router when adding resources should be consistent.
Currently, : and @ are considered "safe" by yarl and not escaped in request.rel_url.raw_path ; but the router does escape them and so the created resource never match:

import aiohttp
import aiohttp.web
import asyncio


async def server(loop):
	app = aiohttp.web.Application(loop=loop)
	app.router.add_get('/a-b', lambda _: aiohttp.web.Response(text="OK"))
	app.router.add_get('/a:b', lambda _: aiohttp.web.Response(text="nope"))
	app.router.add_get('/a%3Ab', lambda _: aiohttp.web.Response(text="still nope"))
	handler = app.make_handler()
	await loop.create_server(handler, '0.0.0.0', 8080)

async def main(loop):
	srv = await server(loop)
	async with aiohttp.get('http://0.0.0.0:8080/a-b') as resp:
		print('--->', resp.status)
	async with aiohttp.get('http://0.0.0.0:8080/a:b') as resp:
		print('--->', resp.status)
	async with aiohttp.get('http://0.0.0.0:8080/a%3Ab') as resp:
		print('--->', resp.status)

loop = asyncio.get_event_loop()
loop.run_until_complete(main(loop))

Output:

% python a.py
---> 200
---> 404
---> 404

I have updated the router to avoid using yarl.quote and use yarl.URL(…).raw_path instead, ensuring the escaping is consistent in both cases. (and I added a test that fails without this patch)

…he one done in yarl.URL.__init__

codecov-io · 2017-01-23T15:47:10Z

Codecov Report

Merging #1552 into master will increase coverage by 0.34%.

@@            Coverage Diff             @@
##           master    #1552      +/-   ##
==========================================
+ Coverage   98.59%   98.94%   +0.34%     
==========================================
  Files          30       30              
  Lines        7055     6996      -59     
  Branches     1176     1169       -7     
==========================================
- Hits         6956     6922      -34     
+ Misses         58       37      -21     
+ Partials       41       37       -4

Impacted Files	Coverage Δ
aiohttp/web_urldispatcher.py	`99.8% <100%> (+0.19%)`	✅
aiohttp/streams.py	`98.59% <ø> (-0.02%)`	❌
aiohttp/parsers.py	`99.28% <ø> (-0.01%)`	❌
aiohttp/test_utils.py	`100% <ø> (ø)`	✅
aiohttp/server.py	`100% <ø> (ø)`	✅
aiohttp/web_server.py	`100% <ø> (ø)`	✅
aiohttp/pytest_plugin.py	`100% <ø> (ø)`	✅
aiohttp/web_reqrep.py	`99.81% <ø> (+0.36%)`	✅
aiohttp/connector.py	`98.33% <ø> (+0.47%)`	✅
... and 3 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 1811685...d7f724b. Read the comment docs.

fafhrd91 · 2017-02-06T22:47:49Z

thanks!

lock · 2019-10-29T03:04:51Z

This thread has been automatically locked since there has not been
any recent activity after it was closed. Please open a new issue for
related bugs.

If you feel like there's important points made in this discussion,
please include those exceprts into that new issue.

arthurdarcet force-pushed the colon-urls branch from 436f279 to 0732059 Compare January 23, 2017 13:43

do not use yarl.quote directly ; escaping should be consistent with t…

d7f724b

…he one done in yarl.URL.__init__

arthurdarcet force-pushed the colon-urls branch from 0732059 to d7f724b Compare January 23, 2017 15:38

fafhrd91 merged commit d292d7e into aio-libs:master Feb 6, 2017

arthurdarcet deleted the colon-urls branch March 6, 2017 11:21

lock bot added the outdated label Oct 29, 2019

lock bot locked as resolved and limited conversation to collaborators Oct 29, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Having a `:` or `@` in a route does not work#1552

Having a `:` or `@` in a route does not work#1552
fafhrd91 merged 1 commit intoaio-libs:masterfrom
arthurdarcet:colon-urls

arthurdarcet commented Jan 23, 2017

Uh oh!

codecov-io commented Jan 23, 2017 •

edited

Loading

Uh oh!

fafhrd91 commented Feb 6, 2017

Uh oh!

lock bot commented Oct 29, 2019

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Uh oh!

Conversation

arthurdarcet commented Jan 23, 2017

Uh oh!

codecov-io commented Jan 23, 2017 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

fafhrd91 commented Feb 6, 2017

Uh oh!

lock bot commented Oct 29, 2019

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

codecov-io commented Jan 23, 2017 •

edited

Loading