Encoding fields in HTTP headers (#523)

* Encoding fields to make sure we don't send UTF8 inside the HTTP header * Updating reference to use æøå (which is not allowed in JsonSchema, but the app should now crash with this component ID either) Co-authored-by: Ole Martin Handeland <[email protected]>
Altinn · Oct 7, 2022 · 1d0c6ce · 1d0c6ce
1 parent c6f407c
commit 1d0c6ce
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 11 deletions.
diff --git a/src/altinn-app-frontend/src/features/form/data/submit/submitFormDataSagas.test.ts b/src/altinn-app-frontend/src/features/form/data/submit/submitFormDataSagas.test.ts
@@ -94,8 +94,8 @@ describe('submitFormDataSagas', () => {
         [
           call(put, dataElementUrl(defaultDataElementGuid), model, {
             headers: {
-              'X-DataField': field,
-              'X-ComponentId': componentId,
+              'X-DataField': encodeURIComponent(field),
+              'X-ComponentId': encodeURIComponent(componentId),
             },
           }),
           {},
@@ -167,8 +167,8 @@ describe('submitFormDataSagas', () => {
             {
               headers: {
                 party: `partyid:${stateMock.party.selectedParty.partyId}`,
-                'X-DataField': field,
-                'X-ComponentId': componentId,
+                'X-DataField': encodeURIComponent(field),
+                'X-ComponentId': encodeURIComponent(componentId),
               },
             },
             model,
@@ -257,8 +257,8 @@ describe('submitFormDataSagas', () => {
             getStatelessFormDataUrl(currentDataType, true),
             {
               headers: {
-                'X-DataField': field,
-                'X-ComponentId': componentId,
+                'X-DataField': encodeURIComponent(field),
+                'X-ComponentId': encodeURIComponent(componentId),
               },
             },
             model,

diff --git a/src/altinn-app-frontend/src/features/form/data/submit/submitFormDataSagas.ts b/src/altinn-app-frontend/src/features/form/data/submit/submitFormDataSagas.ts
@@ -132,8 +132,8 @@ export function* putFormData({
   try {
     const options: AxiosRequestConfig = {
       headers: {
-        'X-DataField': field,
-        'X-ComponentId': componentId,
+        'X-DataField': encodeURIComponent(field),
+        'X-ComponentId': encodeURIComponent(componentId),
       },
     };
     yield call(put, dataElementUrl(defaultDataElementGuid), model, options);
@@ -224,8 +224,8 @@ export function* saveStatelessData({
   const allowAnonymous = yield select(makeGetAllowAnonymousSelector());
   let options: AxiosRequestConfig = {
     headers: {
-      'X-DataField': field,
-      'X-ComponentId': componentId,
+      'X-DataField': encodeURIComponent(field),
+      'X-ComponentId': encodeURIComponent(componentId),
     },
   };
   if (!allowAnonymous) {

diff --git a/test/cypress/e2e/pageobjects/app-frontend.js b/test/cypress/e2e/pageobjects/app-frontend.js
@@ -75,7 +75,7 @@ export default class AppFrontend {
       newMiddleName: '#newMiddleName',
       newMiddleNameDescription: '#description-newMiddleName',
       oldFullName: '#changeNameFrom',
-      newFullName: '#changeNameTo',
+      newFullName: '#changeNameTo_æøå',
       confirmChangeName: '#confirmChangeName',
       reasons: '#reason',
       reference: '#reference',