Skip to content

fix(proxy-rewrite): query string discarded when use_real_request_uri_…#12843

Merged
AlinsRan merged 10 commits into
apache:masterfrom
YapWC:fix/proxy-rewrite-discarded-query-string
Jul 8, 2026
Merged

fix(proxy-rewrite): query string discarded when use_real_request_uri_…#12843
AlinsRan merged 10 commits into
apache:masterfrom
YapWC:fix/proxy-rewrite-discarded-query-string

Conversation

@YapWC

@YapWC YapWC commented Dec 25, 2025

Copy link
Copy Markdown
Contributor

…unsafe is true

When use_real_request_uri_unsafe is set to true, url that was requested with query string, arguments is not parsed. Expected to parse the arguments just like same default behavior when use_real_request_uri_unsafe is set to false.

The real issue lies in the fact that when use_real_request_uri_unsafe is set to true and conf.uri is provided, the core.utils.resolve_var output back an upstream uri that does not include query string. Therefore we need to concatenate the query string for the case if conf.uri is true.

Description

Which issue(s) this PR fixes:

Fixes #12623

Checklist

  • I have explained the need for this PR and the problem it solves
  • I have explained the changes or the new features added to this PR
  • I have added tests corresponding to this change
  • I have updated the documentation to reflect this change
  • I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first)

…unsafe is true

When use_real_request_uri_unsafe is set to true, url that was requested with query string, arguments is not parsed. Expected to parse the arguments just like same default behavior when use_real_request_uri_unsafe is set to false.

The reason this problem exist is because `if ctx.var.is_args == "?" then` statement is inside `if not conf.use_real_request_uri_unsafe then` which then bypasses args parsing.
@dosubot dosubot Bot added size:M This PR changes 30-99 lines, ignoring generated files. bug Something isn't working labels Dec 25, 2025

@Baoyuantop Baoyuantop left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If the plugin only configures "use_real_request_uri_unsafe": true, it will cause the query to be concatenated repeatedly.

@Baoyuantop Baoyuantop added wait for update wait for the author's response in this issue/PR and removed awaiting review labels Dec 26, 2025
@YapWC

YapWC commented Dec 26, 2025

Copy link
Copy Markdown
Contributor Author

Hi @Baoyuantop alright I think I understand what you mean. I think it is better for me to debug it line by line in this case. For your side normally how do you run debugging/printing code output?

YapWC and others added 2 commits December 26, 2025 11:46
The real issue lies in the fact that when use_real_request_uri_unsafe is set to true and conf.uri is provided, the core.utils.resolve_var output back an upstream uri that does not include query string. Therefore we need to concatenate the query string for the case if conf.uri is true.

The previous commit does not solve the issue as the issue is not related in the `if not conf.use_real_request_uri_unsafe then` statement.
@dosubot dosubot Bot added size:L This PR changes 100-499 lines, ignoring generated files. and removed size:M This PR changes 30-99 lines, ignoring generated files. labels Dec 27, 2025
@Baoyuantop Baoyuantop added awaiting review and removed wait for update wait for the author's response in this issue/PR labels Jan 4, 2026
Comment thread apisix/plugins/proxy-rewrite.lua Outdated
@Baoyuantop Baoyuantop requested a review from Copilot January 26, 2026 08:46
@Baoyuantop Baoyuantop added wait for update wait for the author's response in this issue/PR and removed awaiting review labels Jan 26, 2026

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Fixes proxy-rewrite behavior where the original request query string is dropped when use_real_request_uri_unsafe=true and conf.uri is set, aligning unsafe mode with the default (safe) behavior.

Changes:

  • Update proxy-rewrite rewrite logic to preserve the query string when use_real_request_uri_unsafe=true and uri is configured.
  • Add regression tests covering query preservation in unsafe mode.
  • Extend/adjust tests around URI normalization behavior when unsafe mode is disabled.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File Description
apisix/plugins/proxy-rewrite.lua Appends the original query string when building upstream_uri from conf.uri in unsafe mode.
t/plugin/proxy-rewrite.t Adds tests to verify query args are preserved when use_real_request_uri_unsafe=true and uri is rewritten.
t/plugin/proxy-rewrite3.t Updates test descriptions and adds coverage for normalization behavior when unsafe mode is not enabled.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread apisix/plugins/proxy-rewrite.lua Outdated
@Baoyuantop

Copy link
Copy Markdown
Contributor

Hi @YapWC, following up on the previous review comments. Please let us know if you have any updates. Thank you.

@moonming moonming left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @YapWC, thank you for fixing the query string issue in proxy-rewrite!

Query strings being discarded when using use_real_request_uri is a real bug that affects production use.

Please:

  1. Rebase on the latest master
  2. Add edge case tests: empty query strings, query strings with special characters, multiple ? in the URI
  3. Verify the fix works correctly with both use_real_request_uri_unsafe variants

Looking forward to the update!

@Baoyuantop

Copy link
Copy Markdown
Contributor

Hi @YapWC, following up on the previous review comments. Please let us know if you have any updates. Thank you.

Comment thread t/plugin/proxy-rewrite.t
AlinsRan added 2 commits July 7, 2026 15:43
Address review feedback: when conf.uri already carries its own query string,
merge the original query with '&' instead of concatenating a second '?'.
Simplify the added comments.
AlinsRan added 3 commits July 7, 2026 15:46
…e '?' and both variants

Address review feedback on the query-string fix:
- conf.uri carrying its own query merged with '&' (no double '?')
- use_real_request_uri_unsafe only (no conf.uri): query reaches upstream once
- query with special characters and multiple '?' passed through unchanged
- same conf.uri with use_real_request_uri_unsafe disabled, verifying both
  variants keep the query string consistently
Fix non-sequential TEST numbers (45/46 -> 42/43) so the reindex lint check passes.
@AlinsRan AlinsRan requested a review from moonming July 8, 2026 06:47
@AlinsRan AlinsRan merged commit a3a8138 into apache:master Jul 8, 2026
16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

bug Something isn't working size:L This PR changes 100-499 lines, ignoring generated files. wait for update wait for the author's response in this issue/PR

Projects

None yet

Development

Successfully merging this pull request may close these issues.

bug: proxy-rewrite discard the query string when use_real_request_uri_unsafe is true

8 participants