Problem/Motivation
The current web.config
doesn't relax the default requestPathInvalidCharacters
settings of IIS.
This means that colons (:
) in URLs are classified as invalid characters.
Because of this URLs like the one from the block management (http://wl56www523.webland.ch/drupal/web/admin/structure/block/add/block_content%3Adc5f60cf-8510-4a21-b899-641571747188/bodies?region=section_first&_wrapper_format=drupal_modal
) are blocked.
Proposed resolution
Add the <httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters="*,%,?,\,&,<,>" />
directive to the web.config
file.
This should allow colons in URLs.
Remaining tasks
This was tested with "Microsoft-IIS/7.5" and "AspNet-Version:4.0.30319" - as I'm very unfamiliar with IIS this defintitely needs a review from someone that's more familiar with that webserver.
Another open question is if the config syntax for &,<,>
is valid - I had to use &,<,>
to avoid a 500 error from IIS, and it seems like the related chars are filtered properly.
However, if this is server version / configuration specific syntax we might break installations if we simply update the web.config
.
User interface changes
None
API changes
None
Data model changes
None
Comment | File | Size | Author |
---|---|---|---|
#16 | interdiff_2895002_13-16.txt | 514 bytes | andregp |
#16 | 2895002-16.patch | 1.09 KB | andregp |
| |||
#13 | 2895002-13.patch | 506 bytes | _pratik_ |
drupal-allow-colons-in-urls-on-iis.patch | 553 bytes | das-peter | |
Comments
Comment #7
Kristen PolThanks the issue and patch.
1) Patch applies cleanly to 9.1.x.
2) I'm unclear what " - this is uses" means. Marking back to "Needs work" for wording change. Thanks.
Comment #11
larowlanComment #13
_pratik_ CreditAttribution: _pratik_ as a volunteer and at Specbee for Drupal India Association commentedUpdated Comment.
Comment #14
rpayanmComment #16
andregp CreditAttribution: andregp at CI&T commentedI addressed the failing test and created a Change Record (https://www.drupal.org/node/3284755)
Comment #18
smustgrave CreditAttribution: smustgrave at Mobomo commentedThis issue is being reviewed by the kind folks in Slack, #needs-review-queue-initiative. We are working to keep the size of Needs Review queue [2700+ issues] to around 400 (1 month or less), following Review a patch or merge request as a guide.
Kicked off a D10 build but don't expect failures. Think this good for committers to take a look.
Comment #19
larowlanIt would be good to have this reviewed by someone who uses IIS
Comment #20
smustgrave CreditAttribution: smustgrave at Mobomo commentedSeems we can't get anyone who uses IIS to test. How best to proceed with this ticket?
Comment #21
smustgrave CreditAttribution: smustgrave at Mobomo commentedSee related issue.