I have a stock query application that returns data based upon a stock symbol.
Basically, the AJAX call goes to ~/Stocks/GetStockData/{id}
where the {id}
is the stock symbol.
This works fine... generally. Today I found that the stock "Progressive Waste Solutions Ltd.", which has a symbol of BIN, blew up. Looking at the return data in the browser, I see it's returning a 404 for this symbol.
It occurred to me that BIN might be a reserved word, asking for some binary file or something. Is this the case? How do I work around this without a whole lot of effort? Are there other keywords that will also cause this problem?
UPDATE
Per Artyom Neustroev, this could be a reserved keyword, and would be protected from routing to. He referenced an article which referenced a website which stated the way around this was to add the following configuration setting in the config file:
<configuration>
<system.web>
<httpRuntime relaxedUrlToFileSystemMapping="true"/>
<!-- ... your other settings ... -->
</system.web>
</configuration>
...which got me further. Upon running my site with this, the ajax call returned a 404.8 error:
HTTP Error 404.8 - Not Found
The request filtering module is configured to deny a path in the URL that contains a hiddenSegment section.
OK, this actually sorta makes sense. The routing was set to prevent someone from getting into my bin
directory, and I approve of that sort of prevention.
So I'm wondering how to tell a particular group of methods that getting stuff like BIN
, or CONFIG
(theoretically) is ok if there is a defined route for it?
So here is a synopsis:
The routing mechanism takes into account hidden directories and files (like web.config, /bin, etc) and hides them from people. For some of these, the rules can be relaxed a bit, as they are handled in code. These "keywords" are: CON
, COM1
, COM2
, COM3
, COM4
, LPT1
, LPT2
, AUX
, PRN
, and NUL
. These can actually be referenced with a change to your web.config file as such:
<configuration>
<system.web>
<httpRuntime relaxedUrlToFileSystemMapping="true"/>
<!-- ... your other settings ... -->
</system.web>
</configuration>
However, the other type of hidden keywords are not managed in code, but rather in IIS. You have two options for these. You can modify the IIS settings as suggested by Artyom Neustroev (he links to this), which strikes me as a little dangerous, but I expect it would work.
The other option, the one I went with, was to change my AJAX call to a POST
method. Then the value is not in the URL, and the whole issue is circumvented.
Thanks to everyone that got me to this point.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With