Layer7 API Management


 Special letters in Route via HTTP(s) assertion

Shamim Abdulhai Ansari posted Apr 24, 2025 07:35 AM

I have { and } characters in one of the static URLs, which is actually a JSON string passed in the URL. The Route via HTTP assertion was throwing an error for this static URL. After replacing them with their encoded characters in the URL, it accepted it, but the service does not return any data. It seems that it didn't recognize those encoded characters.

I want to know if anyone has faced this issue and whether there is any resolution for it. I do not have the option of asking the service provider to accept the encoded characters in the URL.

Broadcom Employee Joseph Fry

Curly braces '{' and '}' are not allowed in a URL per the RFC: https://datatracker.ietf.org/doc/html/rfc3986#section-2

You are only allowed to use unreserved characters: 

ALPHA / DIGIT / "-" / "." / "_" / "~"

Or the reserved characters:

      gen-delims  = ":" / "/" / "?" / "#" / "[" / "]" / "@"

      sub-delims  = "!" / "$" / "&" / "'" / "(" / ")"
                  / "*" / "+" / "," / ";" / "="


It used to be in black and white in https://www.rfc-editor.org/rfc/rfc1738#page-3:

    ...Other characters are unsafe because
   gateways and other transport agents are known to sometimes modify
   such characters. These characters are "{", "}", "|", "\", "^", "~",
   "[", "]", and "`".

   All unsafe characters must always be encoded within a URL.


That said, not every system strictly enforces the RFC. However, it's the responsibility of the non-conforming system to adjust when an incompatibility arises.

For example from "man curl":

-g/--globoff
              This option switches off the "URL globbing parser". When you set this option, you can
              specify URLs that contain the letters {}[] without having them being interpreted by curl
              itself. Note that these letters are not normal legal URL contents but they should be
              encoded according to the URI standard.

Ultimately, this is something that should probably be taken up with the system expecting unsafe characters.
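
The character classes quoted above, turned into a checker (an added example, not part of the original thread and not Layer7 or Broadcom code): it lists the characters RFC 3986 does not allow raw, percent-encodes only those, and shows that a conforming receiver decodes the same JSON. The host `backend.example`, the `filter` parameter and all function names are assumptions.

```python
import json
import re
from urllib.parse import parse_qsl, urlsplit

# RFC 3986 section 2 character classes, as quoted in the reply above.
UNRESERVED = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~")
RESERVED = set(":/?#[]@" "!$&'()*+,;=")  # gen-delims + sub-delims
PCT_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")


def scan(url):
    """Yield (offset, token, legal): token is one char or a whole %XX escape."""
    i = 0
    while i < len(url):
        m = PCT_ESCAPE.match(url, i)
        if m:
            yield i, m.group(), True
            i += 3
        else:
            # A '%' not followed by two hex digits lands here and is illegal.
            yield i, url[i], url[i] in UNRESERVED or url[i] in RESERVED
            i += 1


def illegal_chars(url):
    """Characters that may not appear raw anywhere in a URI (character set only,
    not per-component placement rules)."""
    return [(off, tok) for off, tok, legal in scan(url) if not legal]


def encode_illegal(url):
    """Percent-encode only the illegal characters; delimiters and existing
    escapes are left alone, so the call is idempotent."""
    return "".join(
        tok if legal else "".join(f"%{b:02X}" for b in tok.encode("utf-8"))
        for _, tok, legal in scan(url)
    )


def decoded_query(url):
    """What an RFC-conforming receiver sees after decoding the query string."""
    return dict(parse_qsl(urlsplit(url).query))


# Constructed sample (hypothetical host and parameter): raw JSON in the query.
RAW = 'https://backend.example/items?filter={"id":7,"tag":"a b"}'
ENCODED = encode_illegal(RAW)

if __name__ == "__main__":
    print(illegal_chars(RAW))
    print(ENCODED)
    print(json.loads(decoded_query(ENCODED)["filter"]))
```

If the backend returns no data for `ENCODED` but does for `RAW`, it is comparing the query string without percent-decoding it, which is the non-conforming behaviour described above.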

Broadcom Employee Joseph Fry

I wanted to add... most of the time you see {something}, you are looking at a URI template... you are expected to replace the {something} with an appropriate string.

See: https://en.wikipedia.org/wiki/URI_Template

Perhaps you are misunderstanding the intent of this static URL in your policy? You may be expected to hard code a value in that URL (like an API key or an id).

Shamim Abdulhai Ansari

Thank you, Joseph.