[Bug]: GET query ends up encoded twice when using /proxy/port but /absproxy/port working fine

[erickweil]

Is there an existing issue for this?

• I have searched the existing issues

OS/Web Information

• Web Browser: Firefox 114.0.2 (64-bits)
• Local OS: Windows 10 Home Single Language
• Remote OS:
  It's a Docker container with vscode-server installed manually. (ghcr.io/nestybox/ubuntu-jammy-systemd-docker:latest), Host OS: Ubuntu 22.04.2 LTS (Jammy Jellyfish)
• Remote Architecture: x86_64
• code-server --version: 1.79.2 695af097c7bd098fbf017ce3ac85e09bbc5dda06 x64

Steps to Reproduce

1. Inside Code-Server, run any program that listen HTTP traffic.
   Example python program to log HTTP traffic (The problem happens on any http server not only this example. I found it when running a nodejs application):

#!/usr/bin/env python3
from http.server import BaseHTTPRequestHandler, HTTPServer
import logging

class S(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(200)
        self.send_header('Content-type', 'text/html')
        self.end_headers()
        self.wfile.write("GET request for {}".format(self.path).encode('utf-8'))

def run(server_class=HTTPServer, handler_class=S, port=3000):
    httpd = server_class(('', port), handler_class)
    try:
        httpd.serve_forever()
    except KeyboardInterrupt:
        pass
    httpd.server_close()

if __name__ == '__main__':
    run()

3. Try to access it both via the exposed port and via the /proxy/port passing a GET query with special characters (anything that triggers % encoding)
   Given example host 'localhost' and code-server listening on port '8080'
   "http://localhost:8080/proxy/3000/?query=Teste de query"
   "http://localhost:8080/absproxy/3000/?query=Teste de query"
   "http://localhost:3000/?query=Teste de query"

Expected

The expect results would be both logs to be equal:
Example log when acessing "http://localhost:8080/proxy/3000/?query=Teste de query"
127.0.0.1 - - [05/Jul/2023 13:15:37] "GET /?query=Teste%20de%20query HTTP/1.1" 200 -

Example log when acessing "http://localhost:8080/absproxy/3000/?query=Teste de query"
127.0.0.1 - - [05/Jul/2023 13:27:07] "GET /absproxy/3000/?query=Teste%20de%20query HTTP/1.1" 200 -

Example log when acessing "http://localhost:3000/?query=Teste de query" (Without code-server proxy)
127.0.0.1 - - [05/Jul/2023 13:17:12] "GET /?query=Teste%20de%20Query HTTP/1.1" 200 -

Actual

The logs show that any % encoded character are doubly-encoded only when acessed via code-server proxy while when using absproxy and direct access no problem is found

Example log when acessing "http://localhost:8080/proxy/3000/?query=Teste de query"
127.0.0.1 - - [05/Jul/2023 13:15:37] "GET /?query=Teste%2520de%2520query HTTP/1.1" 200 -

• Look how %20 becomes %2520. (What is happening is that the % itself becomes %25).

Example log when acessing "http://localhost:8080/absproxy/3000/?query=Teste de query"
127.0.0.1 - - [05/Jul/2023 13:27:07] "GET /absproxy/3000/?query=Teste%20de%20query HTTP/1.1" 200 -

Example log when acessing "http://localhost:3000/?query=Teste de query" (Without code-server proxy)
127.0.0.1 - - [05/Jul/2023 13:17:12] "GET /?query=Teste%20de%20Query HTTP/1.1" 200 -

Logs

No response

Screenshot/Video

No response

Does this issue happen in VS Code or GitHub Codespaces?

• I cannot reproduce this in VS Code.
• I cannot reproduce this in GitHub Codespaces.

Are you accessing code-server over HTTPS?

• I am using HTTPS.

Notes

I'm using HTTPS but the nginx proxy that deals with it, code-server itself isn't using HTTPS and the problem still happens even if I simulate locally with curl, so it's not relevant how I get to code-server.

My Theory
I think the problem is something about how the "/proxy/port" path is stripped by the proxy, re-encoding the URL when it should be untouched.

[code-asher]

Thank you for the report! Your analysis sounds spot-on. I think the assumption was that Express decodes the query variables but obviously that is not the case.

[revolutionisme]

Hi @code-asher is there an update on this? We reverted to v4.12 just to avoid this as its breaking the UI for our users, I can take it over and revert the encodeURI if you need contribution.

[code-asher]

No update, I just have not got around to it yet (I figure I should also add tests), but am happy to merge if someone makes a PR.

[exasky]

Same issue here with Localstasck and presign urls.

When I generate a presign for S3 Get/Put, the url has '&' char in it. So when I try to call il through 'code-server.url/proxy/4566/{PRESIGN}', it ends up encoded twice with the same behavior explained before.

Only solution is to roll back to version v4.12.0

[daniel-sali]

I'm having problems with this issue as well, a fix would be appreciated.

[code-asher]

So, my memory is fuzzy but I think I tried to fix this but when I added a unit test I could not actually reproduce the issue. There might be more going on or maybe my test was bad.

[code-asher]

Nevermind I see where I went wrong. Fix incoming.