UTF-8 Characters not accepted in headers when running .NET Core 2.2-preview3 behind IIS #4318
Comments
Can you try the new IIS In-Process mode as well?
To be fair IIS is correct here. Cookie headers are supposed to be ASCII. Browsers are horribly inconsistent about what they allow and so Kestrel was adjusted to be non-spec compliant, because we were concerned about griefing. If you want a cross platform solution I'd suggest encoding, rather than relying on server behaviour.
@blowdart IIS does accept UTF-8 headers, that's not the issue, and it is not IIS that is throwing the error.
@Tratcher yes, tried it with In-Process mode and the result was the same.
@ionepaul From my investigations earlier in aspnet/KestrelHttpServer#1144 (comment), I would expect out-of-process IIS to fail but in-process to work. Can you attach your repro so I can take a look and see what component is causing the failure?
I just tried it with the sample code when you create a new project, nothing fancy, and it adds 'inprocess' by default, though running it through IIS Express is not accepting UTF-8 characters in headers. I've also tried to add hostingModel="inprocess" to a more complex app which is running over IIS, also specified AspNetCoreModuleV2, but it seems that the application is not working with that hostingModel. The app pool is No Managed Code; I don't know if that needs to be changed when using the 'inprocess' hosting model.
hi @JunTaoLuo,
We added some breakpoints inside HttpParser.ParseHeaders(...), from Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http, for additional testing. This allowed us to see the contents of the "buffer" param, and found an interesting difference between using IIS Express and Kestrel:
Digging deeper, http://www.fileformat.info/info/unicode/char/e9/index.htm, it looks like the correct UTF-8 representation is [195,169], while 233 is UTF-16 (Unicode) or UTF-32 (at least part of it - I think it should be [233,0] or [233,0,0,0]). We couldn't figure out how the buffer was being built, and why it's using different bytes for the same char. Any tips would be awesome (sorry for the wall of text)
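The byte difference described in the comment above, together with the earlier suggestion to encode cookie values rather than rely on server behaviour, as an added C# example that is not code from this thread or from ASP.NET Core. The class and method names are hypothetical, and the single-byte 233 form is produced here with ISO-8859-1 as a constructed stand-in for the bytes seen behind IIS Express.

```csharp
using System;
using System.Text;

static class HeaderBytes // hypothetical helper, not part of ASP.NET Core
{
    // Strict decoder: throws instead of substituting U+FFFD on malformed input.
    static readonly UTF8Encoding StrictUtf8 =
        new UTF8Encoding(encoderShouldEmitUTF8Identifier: false, throwOnInvalidBytes: true);

    // Classify the raw bytes of a header value as a server receives them.
    public static string Classify(byte[] value)
    {
        if (Array.TrueForAll(value, b => b < 0x80)) return "ascii";
        try { StrictUtf8.GetString(value); return "utf-8"; }
        catch (DecoderFallbackException) { return "not-utf-8"; }
    }

    // Percent-encode the UTF-8 bytes so only ASCII ever reaches the wire,
    // whatever proxy or server sits in between.
    public static string Encode(string raw) => Uri.EscapeDataString(raw);
    public static string Decode(string wire) => Uri.UnescapeDataString(wire);

    static void Main()
    {
        const string value = "Désirée"; // cookie value used in this thread

        // Constructed inputs: the same text as UTF-8 (é = 195,169)
        // and as one byte per character (é = 233).
        byte[] utf8 = Encoding.UTF8.GetBytes(value);
        byte[] oneByte = Encoding.GetEncoding("ISO-8859-1").GetBytes(value);

        Console.WriteLine($"utf-8 bytes   : {string.Join(",", utf8)} -> {Classify(utf8)}");
        Console.WriteLine($"1-byte form   : {string.Join(",", oneByte)} -> {Classify(oneByte)}");

        // The encoded form is plain ASCII and round-trips to the original value.
        string wire = Encode(value);
        byte[] wireBytes = Encoding.ASCII.GetBytes(wire);
        Console.WriteLine($"encoded cookie: test={wire} -> {Classify(wireBytes)}");
        Console.WriteLine($"round trip ok : {Decode(wire) == value}");
    }
}
```

A lone 233 followed by an ASCII letter is not a well-formed UTF-8 sequence, which is why a parser that validates header values as UTF-8 rejects the one-byte form while accepting 195,169.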
We're aware that the reverse proxy scenario (out-of-process) isn't going to work. ANCM uses WinHttp to forward the request to Kestrel and it does not handle Unicode characters correctly. The scenarios we're expecting to work are direct Kestrel and IIS in-process. It's odd that the cookie is missing for the in-process scenario. What do you get if you inspect the raw headers in the app?
When using In-process, with cookie "test=Désirée":
Hmm, the server shouldn't impact the Cookies parser. @JunTaoLuo can you repro this?
I'll take a look.
Let me clarify the behaviour. We parse UTF-8 value for header values which is why What I'm concerned about is the original logs that contains
@JunTaoLuo just to clarify, the "Microsoft.AspNetCore.Server.Kestrel.Core.BadHttpRequestException: Malformed request: invalid headers." exception is not logged / thrown when using IIS in-proc (only when using IIS out-of-proc). This was a confusion on our part (we thought we set the app to use "in process" but didn't). We'll try to use IIS "in-proc" (we don't use / need that cookie value, and just want the request to get to our endpoint).
I see. If that's the case I'd say everything is working as expected.
@JunTaoLuo, @Tratcher we see this bad request behaviour with Kestrel 2.1.9, 2.1.10 and 2.2.4. Repro:
Result: 400 bad request "Malformed request: invalid headers."
Comments on closed issues are not tracked, please open a new issue with the details for your scenario. Please also include a Wireshark trace as that's the easiest way to confirm the encoding. You're not using IIS as a proxy to Kestrel, are you? That configuration still has encoding issues.
I know that the issue regarding this #1144 was fixed in the .NET Core 2.2-preview2, but
UTF-8 characters seem to be accepted in headers only when running the application directly through the Kestrel server.
I did not manage to make it run when the app is using IIS as the proxy for Kestrel.
Do I need to configure something on the IIS side? I tried both with ASP NET CORE MODULE V1 & V2, same result.
But it is strange that the error seems to be from the Kestrel server:
dotnet --info:
.NET Core SDK (reflecting any global.json):
Version: 2.2.100-preview3-009430
Commit: e0a11c9929
Runtime Environment:
OS Name: Windows
OS Version: 10.0.17134
OS Platform: Windows
RID: win10-x64
Base Path: C:\Program Files\dotnet\sdk\2.2.100-preview3-009430\
Host (useful for support):
Version: 2.2.0-preview3-27014-02
Commit: 525082ca3e
.NET Core SDKs installed:
2.1.202 [C:\Program Files\dotnet\sdk]
2.2.100-preview2-009404 [C:\Program Files\dotnet\sdk]
2.2.100-preview3-009430 [C:\Program Files\dotnet\sdk]
.NET Core runtimes installed:
Microsoft.AspNetCore.All 2.2.0-preview2-35157 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All]
Microsoft.AspNetCore.All 2.2.0-preview3-35497 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All]
Microsoft.AspNetCore.App 2.2.0-preview2-35157 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.AspNetCore.App 2.2.0-preview3-35497 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.NETCore.App 2.0.9 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 2.2.0-preview2-26905-02 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.NETCore.App 2.2.0-preview3-27014-02 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Fiddler Trace
FiddlerTrace.zip