fix: preserve percent-encoded path when forwarding#192
Merged
SasSwart merged 1 commit intocoder:mainfrom Apr 24, 2026
Merged
Conversation
mtojek
reviewed
Apr 23, 2026
| ) | ||
|
|
||
| backend := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { | ||
| mu.Lock() |
Member
There was a problem hiding this comment.
hm... do we really need the mutex?
Author
There was a problem hiding this comment.
Yeah creating a new test file was overkill, just added it to existing one
| got := receivedRawURI | ||
| mu.Unlock() | ||
|
|
||
| assert.Equal(t, encodedPath, got, |
Member
There was a problem hiding this comment.
I'm looking at proxy_test.go and this could be the right moment to bring another helper function. Something like:
t.Run("PercentEncodedSlash", func(t *testing.T) {
pt.ExpectRawURI(
"http://localhost:8080/npm/npm-all/@sentry%2Fbun",
"jsonplaceholder.typicode.com",
"/npm/npm-all/@sentry%2Fbun",
)
})
ptenkale123
force-pushed
the
ptenkale/fix-preserve-encoded-path
branch
2 times, most recently
from
fcd06bf to
26f2861
Compare
ptenkale123
force-pushed
the
ptenkale/fix-preserve-encoded-path
branch
from
26f2861 to
c540b35
Compare
Contributor
|
Review request acknowledged |
Author
Contributor
|
Hey @ptenkale123, I'm checking for objections internally. If there are none, I will create a new release tomorrow. |
Contributor
|
@ptenkale123 this has been released in v0.9.0. Thanks for the contribution. Feel free to test it out and be sure to let us know if there is anything else! |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The HTTP/HTTPS forwarder built the upstream URL from
req.URL.Pathalone, which is the decoded path.url.URL.String()then re-encoded it and emitted any%2Fas a literal/. Upstreams that treat/@scope%2Fnameand/@scope/nameas distinct paths — notably AWS CodeArtifact's scoped-package API — return400before reaching auth.Per RFC 3986 §2.2, proxies shouldn't unconditionally decode reserved characters.
Fix
Copy
req.URL.RawPathinto the forwardedurl.URLalongsidePath. Go'surl.URL.EscapedPath()(called byString()) returnsRawPathverbatim when it's a valid encoding ofPath, so the original%2Fsurvives on the wire.Test plan
TestForwardPreservesPercentEncodedPathinproxy/proxy_encoding_test.go— sends/npm/npm-all/@sentry%2Fbunthrough the proxy to a localhttptestbackend and asserts the backend'sr.RequestURIstill contains%2F./@sentry/bun) and passes with it.go test ./proxy/...suite green.