Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: encode web proxy paths using url_encode #111

Merged
merged 2 commits into from
May 5, 2021
Merged

fix: encode web proxy paths using url_encode #111

merged 2 commits into from
May 5, 2021

Conversation

sherwinski
Copy link
Contributor

@sherwinski sherwinski commented May 4, 2021
edited
Loading

This PR changes the encoding function used on web proxy paths from CGI.escape to ERB::Util.url_encode, which is the same function used for general path encoding in this library. Because this library uses CGI.escape to encode a web proxy path, it encodes spaces as + rather than %20 (due to following the CGI/HTML form spec). However, encoding in this way results in URLs that do not resolve properly. More details can be found in this SO discussion.

See test below with active source:

client = Imgix::Client.new(domain: "sherwinski-proxy.imgix.net", include_library_param: false, secure_url_token: ...)
path = "https://sherwinski.imgix.net/ <>[]{}|\\^%.jpg"
puts client.path(path).to_url
// main branch - 403 Forbidden
https://sherwinski-proxy.imgix.net/https%3A%2F%2Fsherwinski.imgix.net%2F+%3C%3E%5B%5D%7B%7D%7C%5C%5E%25.jpg?s=35ca40e2e7b6bd208be2c4f7073f658e

// this branch - 200 OK
https://sherwinski-proxy.imgix.net/https%3A%2F%2Fsherwinski.imgix.net%2F%20%3C%3E%5B%5D%7B%7D%7C%5C%5E%25.jpg?s=2c215192a0fb2ee4c075cb7f6b57ea59

@sherwinski sherwinski requested a review from luqven May 4, 2021 22:17
@sherwinski sherwinski requested a review from a team as a code owner May 4, 2021 22:17
@commit-lint
Copy link

commit-lint bot commented May 4, 2021

Bug Fixes

  • encode web proxy paths using url_encode (9bf57ba)

Tests

  • ensure spaces are properly encoded (d52755d)

Contributors

sherwinski

Commit-Lint commands

You can trigger Commit-Lint actions by commenting on this PR:

  • @Commit-Lint merge patch will merge dependabot PR on "patch" versions (X.X.Y - Y change)
  • @Commit-Lint merge minor will merge dependabot PR on "minor" versions (X.Y.Y - Y change)
  • @Commit-Lint merge major will merge dependabot PR on "major" versions (Y.Y.Y - Y change)
  • @Commit-Lint merge disable will desactivate merge dependabot PR
  • @Commit-Lint review will approve dependabot PR
  • @Commit-Lint stop review will stop approve dependabot PR

ericdeansanchez
ericdeansanchez approved these changes May 4, 2021
View reviewed changes
Copy link
Contributor

@ericdeansanchez ericdeansanchez left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

:chefkiss: 👍

@sherwinski sherwinski merged commit 4c7161c into main May 5, 2021
@sherwinski sherwinski deleted the fix-web-proxy-encoding branch May 5, 2021 02:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ericdeansanchez ericdeansanchez ericdeansanchez approved these changes

@luqven luqven Awaiting requested review from luqven

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sherwinski @ericdeansanchez