FormFilter Issue: Incorrect Handling of URL-Encoded Parameters in Query String #3929
Description
Describe the bug
The FormFilter incorrectly handles POST requests with URL-encoded parameters in the query string, causing double encoding and parameter duplication.
Reproduction Steps
- Start a gateway server with the following route configuration:
@SpringBootApplication
public class GatewayServer {
public static void main(String[] args) {
SpringApplication.run(GatewayServer.class, args);
}
@Bean
public RouterFunction<ServerResponse> getRoute() {
return route()
.POST("/anything", http("https://httpbin.org"))
.build();
}
}- Send a POST request to the gateway server:
curl -X POST "http://localhost:8080/anything?foo=%7B%7D" \
-H "Content-Type: application/x-www-form-urlencoded; charset=UTF-8"Expected vs. Actual Behavior
Expected request sent to upstream:
POST /anything?foo=%7B%7D HTTP/1.1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
<empty body>Actual request sent to upstream:
POST /anything?foo=%257B%257D HTTP/1.1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
foo=%7B%7DRoot Cause
The issue stems from a mismatch in parameter handling:
HttpServletRequest#getParameterMap()returns parameters that have already been URL-decoded by the servlet container- The existing
queryParamscontains raw (non-decoded) parameters - This causes the filter to incorrectly process the parameters, resulting in double encoding (
%7B%7Dbecomes%257B%257D) and duplication of parameters in the request body
Solution
I will submit a pull request to address this parameter handling inconsistency in the FormFilter.