Support Brackets in URL Query String with Tomcat

Support Brackets in URL Query String with Tomcat

Some web APIs use brackets [] in the URL query strings. A typical example is the Promethues HTTP API which uses query parameters like match[]=<series_selector>. According to HTTP 1.1 spec, characters like [ and ] needs to be encoded with % when used in URL query strings. Unfortunately, many browsers are not compliant with this specification and use these characters in unencoded form. This causes Tomcat to return 400 error.

To solve this issue, Tomcat 8.5.32 introduced two configuration properties of HTTP connector to relax the restriction of handling these characters in URL paths and query strings. For these two properties, only combinations of characters " < > [ \ ] ^ `` { | } are allowed.

  • relaxedPathChars - Unencoded characters allowed in path
  • relaxedQueryChars - Unencoded characters allowed in query string

If you are using Spring Boot embedded Tomcat server, you can use configuration properties server.tomcat.relaxed-path-chars and server.tomcat.relaxed-query-chars.

These configuration properties for Tomcat were added in Spring Boot 2.2.0.M5. If you are using an old version of Spring Boot, then you may need to switch to another servlet container, like Undertow.

© 2021 VividCode