roadrunner: [🐛 BUG]: RoadRunner alters form body
No duplicates 🥲.
- I have searched for a similar issue in our bug tracker and didn’t find any solutions.
What happened?
There is one somewhat old service and a client to it. Files are sent there wrapped in application/x-www-form-urlencoded. When this service was migrated to RoadRunner, it was discovered that some of the files were corrupted.
We tried to fix it with the raw_body: true option and parsing the request ourselves, but the problem persists. Something inside RoadRunner is changing the contents of the request.
Version (rr --version)
2023.2.2
How to reproduce the issue?
I did a quick test with RR and the default PHP server. The last one saves files properly, RR doesn’t.
Repo has a test.png file for test - this file is sent to the server and saved under a new name so you can check what’s going on.
https://github.com/revenkroz/rr-urlencoded-bug
Relevant log output
No response
About this issue
- State: open
- Created 10 months ago
- Comments: 18 (10 by maintainers)
Hey @Starfox64 👋 I’m working on the fix. Basically, we have to do that because of JSON communication. I’m working on protobuf-based payloads between the PHP workers and RR to completely resolve this problem. I’m sorry that this makes your usage of RR uncomfortable, but very soon that problem will disappear 😃
@rustatian I’m unsure if this is the direct cause of Author’s problem but in raw_body mode, the body is decoded instead of being sent as is. https://github.com/roadrunner-server/http/blob/0f8a315780502eb234760919d99e43048c4542eb/handler/request.go#L114
This is incorrect as it breaks value escaping done by the browser (when the user inserts & [ ] = in a field) and will prevent accurate usage of parse_str. This might also be a security issue as it allows injecting query parameters from a form field.
This is hitting us particularly hard as we are trying to work around #1634 by parsing urlencoded bodies manually but are unable to do so since the raw body is also corrupted.
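An added example, not part of the thread and not RoadRunner's code: a Go model of the failure mode described in the comment above, where a urlencoded body is percent-decoded once before the consumer parses it. The function names and the sample body are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/url"
)

// parseRaw parses an application/x-www-form-urlencoded body exactly as it
// arrived on the wire, which is what a worker expects in raw-body mode.
func parseRaw(body string) (url.Values, error) {
	return url.ParseQuery(body)
}

// parseAfterDecode models the problem: the whole body is percent-decoded
// first, and the consumer then parses the result as if it were still encoded.
// Escaped "&" and "=" inside values become real delimiters, and "+" / "%"
// bytes inside values are decoded a second time.
func parseAfterDecode(body string) (url.Values, error) {
	decoded, err := url.QueryUnescape(body)
	if err != nil {
		return nil, err
	}
	return url.ParseQuery(decoded)
}

// Constructed sample body: a user-typed field containing "&" and "=",
// and a file-like field whose bytes include "+" and "%".
const sampleBody = "comment=hi%26role%3Dadmin&file=a%2Bb%2541"

func main() {
	raw, err := parseRaw(sampleBody)
	if err != nil {
		panic(err)
	}
	early, err := parseAfterDecode(sampleBody)
	if err != nil {
		panic(err)
	}
	// Raw parse keeps two fields with their original values.
	fmt.Printf("parsed as received: %q\n", raw)
	// Early decode yields a third field and an altered file value.
	fmt.Printf("decoded then parsed: %q\n", early)
}
```

Comparing the key sets of the two results is a quick check for whether a body was decoded before it reached the parser.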
@revenkroz I’ll leave this bug open, when I implement RAW proto payloads, I’ll ping you here 😃
@rustatian Sounds great! I will test it after the move from json.
Yeah, we have a problem with our legacy codebase - I think we should try to use other methods (multipart or base64), but the update will be hard 😃 Thanks for the help anyway!