Comments (4)
Hi! Thanks so much for the extremely well researched bug report, and I'm really sorry that it's taken me so long to reply.
This is a tricky one!! Since: it is not clear to me whether its "Right" to consider ";" a separator or not.
Personally, I had never considered semicolon a separator. On the other hand, clearly the Go authors do, and (from your link) the W3C says:
"We recommend that HTTP server implementors, and in particular, CGI implementors support the use of ";" in place of "&" to save authors the trouble of escaping "&" characters in this manner."
http://www.w3.org/TR/html401/appendix/notes.html#h-B.2.2
Neither choice seems obviously right (or wrong), so we've just got to choose one.
I'm inclined to consider semicolon a separator, primarily because the behavior of url.Query seems like a reasonable precedent to follow for Go programs.
Once we assume that decision, that implies two things:
- This library should continue to treat semicolon as a separator and not make any changes.
- For users, like you, who want to embed a semicolon without it being treated as a separator, they should escape it in application code, before sending it in.
So, my suggestion is that you change the URL you pass to GET to:
https://www.upwork.com/api/profiles/v2/search/jobs.json?paging=1%3B10&q=golang
I hope that this is a reasonable compromise that should allow applications to continue to use semicolon as a separator (by passing ";" raw) or not (by passing %3B).
Please do let me know if this works for you!
from oauth.
@mrjones , unfortunately your suggestion won't work, because by specifying "%3B" in the parameter, means that "%" will be encoded as "%25" and the final url will contain "%253B" - as a result, server side never decodes "%253B" to ";"
i understand that old rfc describes ";" and "&" as delimiters, but it's far from reality nowadays :)
from oauth.
Ah, I think I understand better now. However, I could still be mis-understanding something, if so please let me know.
I just committed change c4fac5e which I hope will help you.
To communicate fully what's happening here, I must point out that as of recently, there are two different ways to make HTTP requests. This all started with 5faa557, when I introduced a second way.
- The old way works by calling Get()/Post()/etc directly on the Consumer object.
- The new way works by using an http.Client from the MakeHttpClient method on the Consumer.
I think the second way is more flexible, and generally "better", but I'd like to keep both ways working. So, there is a function (makeAuthorizedRequestReader) which translates from the old interface to the new one internally.
Correct me if I'm wrong, but I assume that you are using the "old" way (calling Get directly)? People who use the new interface should be able to access to RawQuery directly on the http.Request object, and therefore shouldn't need any special support inside the library.
Assuming I understand correctly: We only need to fix the old interface. Therefore, I applied the exact fix that you recommended (replacing ";" with "%3B" in the RawQuery) in the old-to-new translation method (makeAuthorizedRequestReader).
I hope this will fix your code as it stands. I also believe you could switch to the new http.Client interface, which would enable you to control the escaping yourself by editing RawQuery. You might like other aspects of the new interface as well.
I committed two tests as part of c4fac5e, to demonstrate what I think should happen.
Please do let me know if this fixes your issue!
from oauth.
@mrjones , actually, i use a new method, i.e. MakeHttpClient, and i can move the fix under my hood :)
i believed:
- other could experience the same issue; moreover, i wasn't sure about the root and history of the issue - thanks for the detailed explanation
- old method still required the fix - good to know you have updated it
👍
p.s. feel free to close the issue in case you don't plan any further updates - thanks!
from oauth.
Related Issues (20)
- Add more structure to errors HOT 3
- Using "UnixNano" as a random seed HOT 1
- Seems Twitter auth doesn't work without oob but with callback url HOT 2
- RSA private key cannot be defined HOT 5
- Verifying requests HOT 1
- Error reading privateKey HOT 2
- Would like to patch so that Oauth works with Yahoo. Preferred Way? HOT 8
- Space not properly escaped HOT 1
- Twitter example doesn't work HOT 1
- No license HOT 1
- Not working for Twitter
- Does this library work with one legged authorization? HOT 7
- Not able to make OAUTH Post call HOT 2
- The logic behind preventing multiple form parameters with same name. HOT 5
- HTTP/S Proxy Support HOT 2
- Consider merging with Gomniauth
- Renew access token HOT 1
- Consider rename to `LICENSE.txt`
- Return HTTP response to clients even on non 2XX responses. HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oauth.