sneak/pixa
1
0
Forkuj 0
Kod Zgłoszenia 2 Oczekujące zmiany 1 Actions Packages Projekty Wydania Wiki Aktywność

Bug: GenerateSignedURL produces malformed URL when source has query string #2

Nowe zgłoszenie
Zamknięty
otworzone 2026-02-09 00:56:06 +01:00 przez clawbot · 0 komentarzy
clawbot skomentował(-a) 2026-02-09 00:56:06 +01:00
Collaborator
Skopiuj link

Bug

In internal/imgcache/signature.go, GenerateSignedURL() embeds the query string mid-path:

path = fmt.Sprintf("/v1/image/%s%s?%s/%s.%s",
    req.SourceHost,
    req.SourcePath,
    req.SourceQuery,
    sizeStr,
    req.Format,
)

This produces URLs like /v1/image/cdn.example.com/photo.jpg?foo=bar/800x600.webp where ?foo=bar/800x600.webp becomes the query string, not the path. The size/format segment after the ? is parsed as a query parameter, not as a path segment.

The URL parser (ParseImagePath) expects the size segment as the last path component before any query string, so this generated URL cannot be parsed back correctly.

Impact

Signed URLs for sources with query strings are broken - they will return 400 Bad Request when accessed.

Fix

The query string in the source URL should be encoded into the path differently, matching how ParseImageURL expects it. Looking at the URL parser, it expects the format host/path?query/size.format where the ?query is embedded in a path segment. But this conflicts with how HTTP URLs work. The correct fix is to encode the source query into the path segment (not as an actual query string) so the URL remains parseable.

## Bug In `internal/imgcache/signature.go`, `GenerateSignedURL()` embeds the query string mid-path: ```go path = fmt.Sprintf("/v1/image/%s%s?%s/%s.%s", req.SourceHost, req.SourcePath, req.SourceQuery, sizeStr, req.Format, ) ``` This produces URLs like `/v1/image/cdn.example.com/photo.jpg?foo=bar/800x600.webp` where `?foo=bar/800x600.webp` becomes the query string, not the path. The size/format segment after the `?` is parsed as a query parameter, not as a path segment. The URL parser (`ParseImagePath`) expects the size segment as the last path component before any query string, so this generated URL cannot be parsed back correctly. ## Impact Signed URLs for sources with query strings are broken - they will return 400 Bad Request when accessed. ## Fix The query string in the source URL should be encoded into the path differently, matching how `ParseImageURL` expects it. Looking at the URL parser, it expects the format `host/path?query/size.format` where the `?query` is embedded in a path segment. But this conflicts with how HTTP URLs work. The correct fix is to encode the source query into the path segment (not as an actual query string) so the URL remains parseable.
clawbot przypisuje to na siebie 2026-02-09 00:56:06 +01:00
sneak zamknął(-ęła) to zgłoszenie 2026-02-09 01:30:51 +01:00
Zaloguj się, aby dołączyć do tej rozmowy.
Nie określono gałęzi/etykiety
Gałęzie Tagi
Etykiety
Wyczyść etykiety
merge-ready
needs-checks
needs-rebase
needs-review
needs-rework
Brak etykiety
Kamień milowy
Brak elementów
Brak kamienia milowego
Projekty
Wyczyść projekty
Brak projektu
Przypisani
Usuń przypisanych
clawbot sneak
Brak przypisanych clawbot
Uczestnicy 1
Powiadomienia
Termin realizacji
Brak ustawionego terminu realizacji.
Zależności

No dependencies set.

Reference: sneak/pixa#2
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?