{"id":904,"date":"2019-10-31T13:03:00","date_gmt":"2019-10-31T05:03:00","guid":{"rendered":"http:\/\/www.langmanezhuang.com\/index.php\/2019\/10\/31\/%e5%bc%82%e5%b8%b8invalid-character-found-in-the-request-target-the-valid-characters-are-defined-in-rfc-3986\/"},"modified":"2019-10-31T13:03:00","modified_gmt":"2019-10-31T05:03:00","slug":"%e5%bc%82%e5%b8%b8invalid-character-found-in-the-request-target-the-valid-characters-are-defined-in-rfc-3986","status":"publish","type":"post","link":"http:\/\/blog.langmanezhuang.com\/index.php\/2019\/10\/31\/%e5%bc%82%e5%b8%b8invalid-character-found-in-the-request-target-the-valid-characters-are-defined-in-rfc-3986\/","title":{"rendered":"\u5f02\u5e38:Invalid character found in the request target. The valid characters are defined in RFC 3986"},"content":{"rendered":"

\u4e00\u3001\u80cc\u666f<\/strong><\/p>\n

\u3000\u3000\u4e8b\u60c5\u662f\u8fd9\u6837\u7684\uff0c\u524d\u51e0\u5929\u505a\u4e00\u4e2a\u57fa\u672c\u7684\u6570\u636e\u5e93“\u589e\u5220\u6539\u67e5”\u7684\u9700\u6c42\uff0c\u524d\u7aef\u4f20\u53c2\u7684\u65b9\u5f0f\u662f“JSON\u5b57\u7b26\u4e32”\uff0c\u540e\u7aef\u63a5\u6536\u5230\u6b64\u53c2\u6570\u540e\uff0c\u4f7f\u7528\u963f\u91cc\u5df4\u5df4fastjson\u8fdb\u884c\u89e3\u6790\uff0c\u7136\u540e\u5165\u5e93\u3002\u9700\u6c42\u5f88\u7b80\u5355\u5427\uff0c\u4f46\u662f\u504f\u504f\u9047\u5230\u95ee\u9898\u4e86\u3002<\/p>\n

\u3000\u3000\u6211\u53d1\u73b0\uff0cJSON\u5b57\u7b26\u4e32\u91cc\u9762\u65e0\u6570\u7ec4\uff0c\u7eaf\u7cb9\u7684\u90fd\u662fjson\u7ed3\u6784\u7684\u65f6\u5019\uff0c\u5373\u90fd\u662f“{}”\u65f6\uff0c\u4e0d\u4f1a\u62a5\u9519\uff0c\u4f20\u53c2\u5165\u5e93\u6ca1\u95ee\u9898\u3002\u4f46\u662f\u53ea\u8981\u4f20\u53c2\u7684\u503c\u91cc\u9762\u6709\u6570\u7ec4\uff0c\u5373\u6709“[]”\u7684\u7ed3\u6784\u65f6\uff0c\u5c31\u62a5\u9519\u3002\u62a5\u9519\u5185\u5bb9\u5982\u4e0b\uff08\u6211\u7684tomcat\u7248\u672c\u662f8.5.45<\/strong>\uff09\uff1a<\/p>\n

\n
java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986\n    at org.apache.coyote.http11.Http11InputBuffer.parseRequestLine(Http11InputBuffer.java:479)\n    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:684)\n    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)\n    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:800)\n    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1471)\n    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)\n    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)\n    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)\n    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)\n    at java.lang.Thread.run(Thread.java:748)\n<\/pre>\n<\/div>\n
 <\/p>\n
\u4e8c\u3001\u539f\u56e0<\/strong><\/p>\n
\u3000\u3000tomcat\u7684\u539f\u56e0\u3002 tomcat\u4e25\u683c\u6309\u7167RFC\u89c4\u8303\u8fdb\u884c\u8303\u6587\u89e3\u6790\uff0c\u968f\u7740\u7f51\u7edc\u73af\u5883\u7684\u53d8\u5316\uff0cRFC\u89c4\u8303\u4e5f\u5728\u4e0d\u65ad\u7684\u4fee\u6539\u548c\u5347\u7ea7\u4e2d\uff0c\u53d1\u5e03\u4e86\u597d\u591a\u7248\u672c\u3002\u800ctomcat\u7684\u4e0d\u540c\u7248\u672c\u4e2d\uff0c\u91c7\u7528\u7684RFC\u89c4\u8303\u7684\u7248\u672c\u662f\u4e0d\u540c\u7684\u3002\u6240\u4ee5\u4f60\u4f1a\u5728\u4e0b\u6587\u53d1\u73b0\uff0c\u6709\u7684\u4f4e\u7248\u672ctomcat\u6ca1\u6709\u8fd9\u4e2a\u95ee\u9898\u3002<\/p>\n
\u3000\u3000tomcat\u81eatomcat 8.0.35\u7248\u672c\u4e4b\u540e\u5bf9URL\u53c2\u6570\u505a\u4e86\u6bd4\u8f83\u89c4\u8303\u7684\u9650\u5236\uff0c\u5fc5\u987b\u9075\u5faaRFC 7230 and RFC 3986\u89c4\u8303\uff0c\u5bf9\u4e8e\u975e\u4fdd\u7559\u5b57\u5b57\u7b26\uff08json\u683c\u5f0f\u7684\u8bf7\u6c42\u53c2\u6570\uff09\u5fc5\u987b\u505a\u8f6c\u4e49\u64cd\u4f5c\u3002\u4f8b\u5982\uff1aRFC 3986\u89c4\u8303\u5b9a\u4e49\u4e86Url\u4e2d\u53ea\u5141\u8bb8\u5305\u542b\u82f1\u6587\u5b57\u6bcd\uff08a-zA-Z\uff09\u3001\u6570\u5b57\uff080-9\uff09\u3001-_.~4\u4e2a\u7279\u6b8a\u5b57\u7b26\u4ee5\u53ca\u6240\u6709\u4fdd\u7559\u5b57\u7b26(RFC3986\u4e2d\u6307\u5b9a\u4e86\u4ee5\u4e0b\u5b57\u7b26\u4e3a\u4fdd\u7559\u5b57\u7b26\uff1a! * ’ ( ) ; : @ & = + $ , \/ ? # [ ])\u3002<\/p>\n
\u3000\u3000Request For Comments\uff08RFC\uff09\uff0c\u662f\u4e00\u7cfb\u5217\u4ee5\u7f16\u53f7\u6392\u5b9a\u7684\u6587\u4ef6\u3002\u6587\u4ef6\u6536\u96c6\u4e86\u6709\u5173\u4e92\u8054\u7f51\u76f8\u5173\u4fe1\u606f\uff0c\u4ee5\u53caUNIX\u548c\u4e92\u8054\u7f51\u793e\u533a\u7684\u8f6f\u4ef6\u6587\u4ef6\u3002\u76ee\u524dRFC\u6587\u4ef6\u662f\u7531Internet Society\uff08ISOC\uff09\u8d5e\u52a9\u53d1\u884c\u3002\u57fa\u672c\u7684\u4e92\u8054\u7f51\u901a\u4fe1\u534f\u8bae\u90fd\u6709\u5728RFC\u6587\u4ef6\u5185\u8be6\u7ec6\u8bf4\u660e\u3002RFC\u6587\u4ef6\u8fd8\u989d\u5916\u52a0\u5165\u8bb8\u591a\u5728\u6807\u51c6\u5185\u7684\u8bba\u9898\uff0c\u4f8b\u5982\u5bf9\u4e8e\u4e92\u8054\u7f51\u65b0\u5f00\u53d1\u7684\u534f\u8bae\u53ca\u53d1\u5c55\u4e2d\u6240\u6709\u7684\u8bb0\u5f55\u3002\u56e0\u6b64\u51e0\u4e4e\u6240\u6709\u7684\u4e92\u8054\u7f51\u6807\u51c6\u90fd\u6709\u6536\u5f55\u5728RFC\u6587\u4ef6\u4e4b\u4e2d——\u767e\u5ea6\u767e\u79d1\u3002<\/p>\n
\u3000\u3000\u9644\u4e0a\u7f51\u7edc\u5927\u725b\u7684\u6e90\u7801\u5206\u6790\uff1a<\/p>\n
\n
\u5206\u6790\u7684\u662forg.apache.tomcat.util.http.parser.HttpParser\n\n\/\/tomcat 8.2.3 \u7248\u672c\u53ca tomcat 7.0.82 \uff0c\u90fd\u6709\u5982\u4e0b\u4ee3\u7801\uff0c\u8bfb\u53d6\u914d\u7f6e\nString prop = System.getProperty(\"tomcat.util.http.parser.HttpParser.requestTargetAllow\");\nif (prop != null) {\n    for (int i = 0; i < prop.length(); i++) {\n        char c = prop.charAt(i);\n        if (c == ‘{‘ || c == ‘}‘ || c == ‘|‘) {\n            REQUEST_TARGET_ALLOW[c] = true;\n        } else {\n            log.warn(sm.getString(\"httpparser.invalidRequestTargetCharacter\",Character.valueOf(c)));\n        }\n    }\n}\n\n\u800ctomcat 8.0.14 \u7248\u672c\u4e2d\u5e76\u6ca1\u6709\u8bfb\u53d6\u914d\u7f6e\uff0c\u5bf9 | { } \u7684\u5904\u7406\uff0c\u800c\u662f\u9ed8\u8ba4\u4e3a\u5408\u6cd5\u5b57\u7b26\u3002\nstatic {\n    for (int i = 0; i < 128; i++) {\n        if (i < 32) {\n            isToken[i] = false;\n        } else if (i == ‘(‘ || i == ‘)‘ || i == ‘<‘ || i == ‘>‘  || i == ‘@‘  ||\n                   i == ‘,‘ || i == ‘;‘ || i == ‘:‘ || i == ‘\\‘ || i == ‘\"‘ ||\n                   i == ‘\/‘ || i == ‘[‘ || i == ‘]‘ || i == ‘?‘  || i == ‘=‘  ||\n                   i == ‘{‘ || i == ‘}‘ || i == ‘ ‘ || i == ‘t‘) {\n            isToken[i] = false;\n        } else {\n            isToken[i] = true;\n        }\n        if (i >= ‘0‘ && i <= ‘9‘ || i >= ‘A‘ && i <= ‘F‘ ||i >= ‘a‘ && i <= ‘f‘) {\n            isHex[i] = true;\n        } else {\n            isHex[i] = false;\n        }\n    }\n}\n\u53ef\u4ee5\u770b\u51fa\u5728 8.0.x \u5de6\u53f3\u7684\u4e00\u4e9b\u7248\u672c\u4e2d,tomcat.util.http.parser.HttpParser. requestTargetAllow \uff08\u4e0b\u6587\u65b9\u6cd5\u4e09\uff09\u8fd9\u4e2a\u914d\u7f6e\u662f\u6ca1\u6709\u751f\u6548\u7684\uff0c\u5373| { } \u8fd93\u4e2a\u7b26\u53f7\u8ba4\u4e3a\u662f\u5408\u6cd5\u7684\u3002<\/pre>\n<\/div>\n
 <\/p>\n
\u4e09\u3001\u89e3\u51b3<\/strong><\/p>\n
\u3000\u3000<\/strong>\u6ce8\uff1a\u6211\u662f\u4f7f\u7528“\u65b9\u6cd5\u4e94”\u89e3\u51b3\u95ee\u9898\u7684\uff0c\u63a8\u8350“\u65b9\u6cd5\u4e94”\u3002<\/p>\n
\u3000\u3000\u65b9\u6cd5\u4e00<\/strong>\uff1a\u6362\u5230\u4f4e\u7248\u672c\u7684Tomcat\u3002<\/p>\n
\u3000\u3000\u65b9\u6cd5\u4e8c<\/strong>\uff1a\u5728Catalina.properties\u4e2d\u6dfb\u52a0tomcat.util.http.parser.HttpParser.requestTargetAllow=|{}\u8fd9\u4e2a\u4e1c\u897f\u660e\u663e\u662f\u5141\u8bb8“|”\u548c\u5927\u62ec\u53f7\u7684\uff0c\u4f46\u662f\u6211\u73b0\u5728\u7684\u95ee\u9898\u662f\u4e2d\u62ec\u53f7\u3002<\/p>\n
\u3000\u3000\u65b9\u6cd5\u4e09<\/strong>\uff1a\u6dfb\u52a0tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true\u8fd9\u4e2a\u662f\u5141\u8bb8url\u4e2d\u5e26\u6709\u7279\u6b8a\u5b57\u7b26\u7684\u3002\u8bd5\u8fc7\u4e86\uff0c\u4e5f\u4e0d\u597d\u4f7f\u3002<\/p>\n
\u3000\u3000\u65b9\u6cd5\u56db<\/strong>\uff1a\u5bf9\u4f20\u9012\u7684“JSON\u5b57\u7b26\u4e32”\u8fdb\u884curl\u7f16\u7801\u540e\u5728\u4f20\u9012,\u53ef\u4ee5\u89c4\u907f\u8fd9\u4e2a\u65b9\u62ec\u53f7\u3002\u524d\u7aef\u7528“encodeURI(xxx)”\u65b9\u6cd5\u7f16\u7801\uff0c\u540e\u7aef\u7528“URLDecoder.decode(xxx, “utf-8”)”\u89e3\u7801\u5373\u53ef\u3002<\/p>\n
\u3000\u3000\u65b9\u6cd5\u4e94<\/strong>\uff1a\u5728tomcat\u76ee\u5f55\u7684conf\u6587\u4ef6\u5939\u4e0b\uff0cserver.xml\u7684Connector\u4e2d\u6dfb\u52a0\u4e86\u8fd9\u4e2arelaxedQueryChars=”[,]”\u3002<\/p>\n
\u3000\u3000\u3000\u3000\u3000\u3000\u6ce8\uff1a<\/p>\n
1\u3001\u5982\u679c\u8fd8\u6709\u5176\u4ed6\u7279\u6b8a\u7684\u5b57\u7b26\u4e32\uff0c\u4e5f\u53ef\u4ee5\u76f4\u63a5\u6dfb\u52a0\u5230\u8fd9\u4e2a\u5c5e\u6027\u91cc\uff1b<\/p>\n
2\u3001\u5982\u679c\u4f60\u662fspringboot\u9879\u76ee\uff0c\u53ef\u4ee5\u5728SpringBootApplication\u7684\u7684main\u65b9\u6cd5\u4e2d\u589e\u52a0\uff1aSystem.setProperty(“tomcat.util.http.parser.HttpParser.requestTargetAllow”,”[]”); \u3000\u3000\u3000\u3000\u3000\u3000\"\u6280\u672f\u5206\u4eab\u56fe\u7247\"<\/p>\n
\u53c2\u8003<\/strong><\/p>\n
1\u3001https:\/\/blog.csdn.net\/Hitler698\/article\/details\/85720156<\/p>\n
2\u3001https:\/\/my.oschina.net\/pding\/blog\/1794176<\/p>\n
3\u3001http:\/\/www.bubuko.com\/infodetail-3238579.html<\/p>\n","protected":false},"excerpt":{"rendered":"
\u4e00\u3001\u80cc\u666f \u3000\u3000\u4e8b\u60c5\u662f\u8fd9\u6837\u7684\uff0c\u524d\u51e0\u5929\u505a\u4e00\u4e2a\u57fa\u672c\u7684\u6570\u636e\u5e93“\u589e\u5220\u6539\u67e5”\u7684\u9700\u6c42\uff0c\u524d\u7aef\u4f20\u53c2\u7684\u65b9\u5f0f … \u7ee7\u7eed\u9605\u8bfb \u5f02\u5e38:Invalid character found in the request target. The valid characters are defined in RFC 3986<\/span> →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"http:\/\/blog.langmanezhuang.com\/index.php\/wp-json\/wp\/v2\/posts\/904"}],"collection":[{"href":"http:\/\/blog.langmanezhuang.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/blog.langmanezhuang.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/blog.langmanezhuang.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/blog.langmanezhuang.com\/index.php\/wp-json\/wp\/v2\/comments?post=904"}],"version-history":[{"count":0,"href":"http:\/\/blog.langmanezhuang.com\/index.php\/wp-json\/wp\/v2\/posts\/904\/revisions"}],"wp:attachment":[{"href":"http:\/\/blog.langmanezhuang.com\/index.php\/wp-json\/wp\/v2\/media?parent=904"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/blog.langmanezhuang.com\/index.php\/wp-json\/wp\/v2\/categories?post=904"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/blog.langmanezhuang.com\/index.php\/wp-json\/wp\/v2\/tags?post=904"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}