Is the Nx Cloud up? Visit our Status Page for the current health and performance of the Nx Cloud.

Status Page

Nxwitness does not properly decode query args

Answered
Sen Haerens

Following curl request:

curl --verbose --get --data-urlencode guid=$(uuidgen -t) --data-urlencode cameraId=1 --data-urlencode 'name=Name with spaces' --data-urlencode 'description=Desc with spaces' --data-urlencode startTime=$(date +%s)000 --data-urlencode duration=10000 https:/$USER:$PW@$SERVER:7001/ec2/bookmarks/add

 ...

> GET /ec2/bookmarks/add?guid=b8e1ba2a-235b-11ec-94cd-ac1f6b02aace&cameraId=1&name=Name+with+spaces&description=Desc+with+spaces&startTime=1633163739000&duration=10000 

Curl encodes spaces in query arguments as plus (+) signs according to RFC1738 but NxWitness (server 4.20.33306) does not seem decode plus signs back into spaces?

0

Comments

3 comments

Date Votes
  • Official comment
    Tagir Gadelshin
    • Network Optix team
    Edited

    Hi. Sen Haerens
    Thanks for reaching out to us!

    We see people using + sign in their texts (in the names of the bookmark, descriptions, etc), so we decided to stick to percent-encoding: https://datatracker.ietf.org/doc/html/rfc3986#section-2.1 

    Please, use %20 for space -- it should work.

    Also, have you tried the API testing tool we have in web admin (localhost:https://$USER:$PW@$SERVER:7001/static/index.html#/developers/api)? It generates URLs automatically.

    And one thing to consider -- we've recently rolled out a new early preview version (Meta 5.0 R3), which has a completely new REST API -- you can try it out, as it should be much more convenient to use: https://meta.nxvms.com/downloads/patches

    Thanks!
    let me know if you have any comments or questions

  • Sen Haerens

    If you read section 2.2 of rfc3986, you would understand that the plus sign is a reserved character which should always be encoded (as %2B)  if not used for its defined, reserved purpose.

    The curl CLI follows the spec (and encodes spaces as plus signs which is perfectly valid). There is no way to change this behaviour.

    0
  • Tagir Gadelshin
    • Network Optix team

    Sen Haerens
    you're absolutely right!

    In 5.0 we've taken this into account and updated our API. The new version won't have this problem, as bookmark info will be sent in the request body in the form of JSON data (application/json).

    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post