Android 查询字符串参数的值不能包含'=';分隔符
现在我简化了这个问题 我尝试直接复制并粘贴查询,以使用%3D而不是“=”来确认它Android 查询字符串参数的值不能包含'=';分隔符,android,amazon-web-services,titanium,Android,Amazon Web Services,Titanium,现在我简化了这个问题 我尝试直接复制并粘贴查询,以使用%3D而不是“=”来确认它 var xhrSNS = Ti.Network.createHTTPClient({ onload :function(e) { Ti.API.info("test Post query:" + JSON.stringify(e)); Ti.API.info(this.responseText); }, one
var xhrSNS = Ti.Network.createHTTPClient({
onload :function(e) {
Ti.API.info("test Post query:" + JSON.stringify(e));
Ti.API.info(this.responseText);
},
onerror : function(e){
Ti.API.debug("test Create PlatForm Endpoint registerPush error:" + e.error);
Ti.API.info(this.responseText);
}
});
getUrl = "http://sns.ap-northeast-1.amazonaws.com?AWSAccessKeyId=AAAAAAAAAAAAAAA&Action=CreatePlatformEndpoint&PlatformApplicationArn=arn%3Aaws%3Asns%3Aap-northeast-1%3A776188326341%3Aapp%2FGCM%2Fmyapp&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2016-04-03T15%3A05%3A51.465Z&Token=APA91bEiaB-902cRmwwgCwoqi2jRIJzzTIZNB7XduELuBKit_WF29tN5twrVW5t1BHpj07ARgwjzoc-I5xVur5K6I6ZQcnoErguUyi-VBHvuI5eY9HS4jq1J6KbIC05Etoe8indjpY9X&Version=2010-03-31&Signature=DzxQpP%2BcALS91C53eia6ZkBhxg3lQ32ctqiEmqKwwLA%3D";
xhrSNS.open('GET',getUrl);
xhrSNS.send();
请查看getUrl的最后一个字母,它肯定使用“%3D”
但回报是一样的
它抱怨句子中包含“=”分隔符
[DEBUG] test Create PlatForm Endpoint registerPush error:400 : Bad Request
[INFO] <ErrorResponse xmlns="http://webservices.amazon.com/AWSFault/2005-15-09">
[INFO] <Error>
[INFO] <Type>Sender</Type>
[INFO] <Code>MalformedQueryString</Code>
[INFO] <Message>AWSAccessKeyId=AAAAAAAAAAAAAAA&Action=CreatePlatformEndpoint&PlatformApplicationArn=arn%3Aaws%3Asns%3Aap-northeast-1%3A776188326341%3Aapp%2FGCM%2Fmyapp&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2016-04-03T15%3A05%3A51.465Z&Token=APA91bEiaB-902cRmwwgCwoqi2jRIJzzTIZNB7XduELuBKit_WF29tN5twrVW5t1BHpj07ARgwjzoc-I5xVur5K6I6ZQcnoErguUyi-VBHvuI5eY9HS4jq1J6KbIC05Etoe8indjpY9X&Version=2010-03-31&Signature=DzxQpP%2BcALS91C53eia6ZkBhxg3lQ32ctqiEmqKwwLA= is not valid; the value of a query string parameter may not contain a '=' delimiter</Message>
-----------------------------添加到这里-----------------
我正在使用Amazon SNS API
我制作了这样的url,它在浏览器上运行良好
http://sns.ap-northeast-1.amazonaws.com?AWSAccessKeyId=AAAAAAAAAAAAA&Action=CreatePlatformEndpoint&PlatformApplicationArn=arn%3Aaws%3Asns%3Aap-northeast-1%3A776188326341%3Aapp%2FGCM%2Fmyapp&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2016-04-01T21%3A06%3A29.861Z&Token=APA91bEiaB-902cRmwwgCwoqi2jRIJzzTIZNB7XduELuBKit_WF29tN5twrVW5t1BHpj07ARgwjzoc-I5xVur5K6I6ZQcnoErguUyi-VBHvuI5eY9HS4jq1J6KbIC05Etoe8indjpY9X&Version=2010-03-31&Signature=Dt9tXa0Rjl%2Ff6YxZ4JaPfsm%2BT%2BMX03gS712nIKKekAI%3D
然而,如果我尝试从Android
这将返回400个错误请求
<ErrorResponse xmlns="http://webservices.amazon.com/AWSFault/2005-15-09">
<Error>
<Type>Sender</Type>
<Code>MalformedQueryString</Code>
<Message>AWSAccessKeyId=AAAAAAAAAAAAA&Action=CreatePlatformEndpoint&PlatformApplicationArn=arn%3Aaws%3Asns%3Aap-northeast-1%3A776188326341%3Aapp%2FGCM%2Fmyapp&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2016-04-01T21%3A06%3A29.861Z&Token=APA91bEiaB-902cRmwwgCwoqi2jRIJzzTIZNB7XduELuBKit_WF29tN5twrVW5t1BHpj07ARgwjzoc-I5xVur5K6I6ZQcnoErguUyi-VBHvuI5eY9HS4jq1J6KbIC05Etoe8indjpY9X&Version=2010-03-31&Signature=Dt9tXa0Rjl%2Ff6YxZ4JaPfsm%2BT%2BMX03gS712nIWUekAI=
is not valid; the value of a query string parameter may not contain a '=' delimiter</Message>
</Error>
<RequestId>5b40d988-af34-577a-8839-96f04a217dec</RequestId>
</ErrorResponse>
我想
查询字符串参数的值不能包含“=”分隔符
是问题的原因,但我不知道如何解决它
同样的代码也适用于iPhone
它不仅仅在android上工作
我从这个函数中创建了URL字符串
var array = {
PlatformApplicationArn : Ti.App.global.androidArn
};
awsObj = getSignature("CreatePlatformEndpoint",date,awsUrl,event.registrationId,array);
var getUrl = "http://" + awsUrl + '?' + awsObj.str_para + "&Signature=" + awsObj.encodedString;
Ti.API.info('GETurl :' + getUrl);
xhrSNS.open('GET',getUrl);
function getSignature(action,date,awsUrl,token,array){
Ti.include('/jssha/jssha256.js');
var base = {
Action:action,
AWSAccessKeyId : Ti.App.global.awsAccessKey,
SignatureMethod : "HmacSHA256",
SignatureVersion :2,
Token: token,
Timestamp : date,
Version : "2010-03-31",
};
para = arrayMerge(array,base);
var para_array = [];
for(var pname in para){
para_array.push(pname + "=" + encodeURIComponent(para[pname]));
}
para_array.sort();
var str_para = para_array.join('&');
var str_signature = "GET" + "\n" + awsUrl + "\n" + "/" + "\n" + str_para;
console.log("str_signature:" + str_signature);
HMAC_SHA256_init(Ti.App.global.awsSecretKey);
HMAC_SHA256_write(str_signature);
var array_hash = HMAC_SHA256_finalize();
var str_hash = "";
for (var i = 0; i < array_hash.length; i++) {
str_hash += String.fromCharCode(array_hash[i]);
}
var awsObj = new Object();
awsObj.encodedString = encodeURIComponent(base64encode(str_hash));
Ti.API.info("awsObj.encodedString:" + awsObj.encodedString); // I have confirmed encodedString is correct here.
awsObj.str_para = str_para;
return awsObj;
}
var数组={
平台应用arn:Ti.App.global.androidArn
};
awsObj=getSignature(“CreatePlatformEndpoint”,日期,awsUrl,event.registrationId,数组);
var getUrl=“http://”+awsUrl+”?“+awsObj.str_para+”&Signature=“+awsObj.encodedString;
Ti.API.info('GETurl:'+GETurl);
open('GET',getUrl);
函数getSignature(操作、日期、awsUrl、令牌、数组){
Ti.include('/jssha/jssha256.js');
var基={
行动:行动,
AWSAccessKeyId:Ti.App.global.awsAccessKey,
签名方式:“HmacSHA256”,
签名外翻:2,
令牌:令牌,
时间戳:日期,
版本:“2010-03-31”,
};
para=阵列合并(阵列、基);
var para_数组=[];
用于(第段中的var pname){
para_array.push(pname+“=”+encodeURIComponent(para[pname]);
}
para_array.sort();
var str_para=para_array.join('&');
var str_signature=“GET”+“\n”+awsUrl+“\n”+“/”+“\n”+str_para;
日志(“str_签名:+str_签名”);
HMAC_SHA256_init(Ti.App.global.awsSecretKey);
HMAC_SHA256_书写(str_签名);
var array_hash=HMAC_SHA256_finalize();
var str_hash=“”;
for(var i=0;i
浏览器中的URL:Signature=Dt9tXa0Rjl%2Ff6YxZ4JaPfsm%2BT%2BMX03gS712nIKKekAI%3D
Android中的URL:Signature=Dt9tXa0Rjl%2Ff6YxZ4JaPfsm%2BT%2BMX03gS712nIWUekAI=但是我已经使用了urlencode。我添加了这篇文章。请参阅getSignature函数。它在iPhone上运行良好。那么签名末尾的
=
字符是什么呢?嗯。。。错误消息包含“=”字符。Ti.API.info('GETurl:'+GETurl)显示的是%3D而不是=,所以我认为url的编码是正确的。我添加了这行Ti.API.info(“awsObj.encodedString:+awsObj.encodedString”)函数getSignature()末尾的code>
和确认签名的编码正确。它显示了awsObj。encodedString:WhFEAITvO1xVoBt%2BLFWCRGSKPBJNPIQB0CLJ7QLOZ8%3D
,=
的编码正确。这里的症状使它看起来像是钛合金的用户代理严重损坏,正在尝试规范化查询字符串,这是不应该做的。请注意,SNS还以POST
而不是GET
的形式接受请求。这实际上是这个操作更正确的动词,参数将出现在请求体中,而不是查询字符串中。这似乎是一个值得研究的方法。您似乎还有一个更严重的问题需要解决:Ti.App.global.awsSecretKey
。。。您正在将AWS凭据嵌入应用程序中?这是一个非常不安全的设计决策。根据Tianium中的用户代理实际上正在修改请求的理论,我有一个测试站点,它将响应您发送的请求,并在响应主体中返回给您,用于此目的。通过发送相同的请求,替换我的测试服务器的主机名,对您的请求真正发送的URL获取第二个意见可能会很有用。如果我的网站最后显示了=
,当你认为你在最后发送%3D
时,这应该清楚地指出安卓方面的某些行为非常糟糕。同意Michael的观点。胡思乱想,您是否尝试过在getUrl中将签名移动到查询字符串的前面?也许Android最终无法处理%3D。@Michael感谢您的大力帮助。我发送相同的url,如https://echo.sqlbot.net/?AWSAccessKeyId=AAAAAA&_etc_& 签名=0Z%2FRMG58BXDTWTQAVETEVJMPKI4MSG15WNK8VB3XAME%3D
。我发送<代码> %3D虽然它显示了<代码> = /代码> @ Yangfan,但是我改变了查询的顺序,在查询的中间放了签名,但结果相同。