Application error when access {some-url}, Error=A potentially dangerous Request.Path value was detected from the client (%).
at System.Web.HttpRequest.ValidateInputIfRequiredByConfig()
at System.Web.HttpApplication.PipelineStepManager.ValidateHelper(HttpContext context)
Looking more carefully at the URL, it turned out there was a %2520 in it. That is there was a space in the URL which was encoded into a %20, but then some errant code encoded it again into %2520.
What was tricky about this issue that I never saw my endpoint request actually get logged in ULS. Instead, it looked like this was caught by .NET.
No comments:
Post a Comment