EPiServer crashes with 500 error if X-Original-Url request header is present and a user is logged in


I can crash pretty much all of our EPiServer sites if I replay a request against them for a logged-in user with an HTTP request header present called X-Original-Url that has data in it. An example request could be:

GET /page/ HTTP/1.1
Host: world.episerver.com
Connection: keep-alive
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36
Referer: http://clientdomain.com/somepage
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Cookie: .EPiServerLogin=encryptedcookieforusergoeshere; ASP.NET_SessionId=xxxx;.ASPXROLES=yyyyy;
X-Original-URL: /page/

It doesn't matter what is in X-Original-URL; if there is anything in there, EPiServer will throw a 500 error. Remove the X-Original-URL header and everything works.

The stack trace is below. I have looked into the code and can see that EPiServer is using some MVC helpers that specifically check for this header, so it appears that this header is actually checked. It then appears to handle virtual paths differently if this header is there, hence the "System.Web.HttpException (0x80004005): Cannot use a leading .. to exit above the top directory."

Has anyone got a fix for this? It makes it impossible to load-balance the sites with a load balancer that sends X-Original-URL to the backend web servers.

Sites running CMS R2 and Commerce R2.

System.Web.HttpUnhandledException (0x80004005): Exception of type 'System.Web.HttpUnhandledException' was thrown. ---> System.Web.HttpException (0x80004005): Cannot use a leading .. to exit above the top directory.
   at System.Web.Util.UrlPath.ReduceVirtualPath(String path)
   at System.Web.Util.UrlPath.Reduce(String path)
   at System.Web.VirtualPath.Combine(VirtualPath relativePath)
   at System.Web.Mvc.PathHelpers.GenerateClientUrlInternal(HttpContextBase httpContext, String contentPath)
   at System.Web.Mvc.UrlHelper.GenerateUrl(String routeName, String actionName, String controllerName, RouteValueDictionary routeValues, RouteCollection routeCollection, RequestContext requestContext, Boolean includeImplicitMvcValues)
   at System.Web.Mvc.UrlHelper.GenerateUrl(String routeName, String actionName, String controllerName, String protocol, String hostName, String fragment, RouteValueDictionary routeValues, RouteCollection routeCollection, RequestContext requestContext, Boolean includeImplicitMvcValues)
   at System.Web.Mvc.UrlHelper.RouteUrl(String routeName, Object routeValues, String protocol)
   at EPiServer.Web.PageExtensions.ContextMenu.RegisterMenuScripts(Object sender, EventArgs e)
   at System.EventHandler.Invoke(Object sender, EventArgs e)
   at System.Web.UI.Page.OnInit(EventArgs e)
   at EPiServer.PageBase.OnInit(EventArgs e)
   at System.Web.UI.Control.InitRecursive(Control namingContainer)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.HandleError(Exception e)
   at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)
   at System.Web.UI.Page.ProcessRequest()
   at System.Web.UI.Page.ProcessRequest(HttpContext context)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
#72766
Jun 28, 2013 7:47
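As an added illustration (not code from the thread, EPiServer or ASP.NET MVC), this Python model shows how an MVC-style URL helper can end up with a leading ".." when it rebases a content link from the real request path onto a shallower URL taken from the X-Original-URL header. It assumes, as the thread does not state, that the header value is reported as Request.RawUrl, that EPiServer has internally rewritten /page/ to a deeper template path, and that the context menu links to /Util/ContextMenu.js; all three paths are constructed.

```python
# Added illustration (not EPiServer's or ASP.NET MVC's code): a small model of how an
# MVC-style URL helper rebases a content path when it believes the request was rewritten.
# Assumption (not stated in the thread): the X-Original-URL request header is surfaced as
# Request.RawUrl, and EPiServer has rewritten the friendly URL to a deeper template path.

def make_relative(from_path: str, to_path: str) -> str:
    """Relative path from the directory of from_path to to_path (VirtualPathUtility.MakeRelative style)."""
    from_parts = [p for p in from_path.rsplit("/", 1)[0].split("/") if p]
    to_parts = [p for p in to_path.split("/") if p]
    common = 0
    while common < min(len(from_parts), len(to_parts)) and from_parts[common] == to_parts[common]:
        common += 1
    parts = [".."] * (len(from_parts) - common) + to_parts[common:]
    return "/".join(parts) or "./"


def reduce_path(path: str) -> str:
    """Collapse '.' and '..' segments, refusing to climb above the root (UrlPath.Reduce style)."""
    out = []
    for seg in path.split("/"):
        if seg == "..":
            if not out:
                raise ValueError("Cannot use a leading .. to exit above the top directory.")
            out.pop()
        elif seg not in ("", "."):
            out.append(seg)
    return "/" + "/".join(out)


def combine(base_path: str, relative: str) -> str:
    """Resolve relative against the directory of base_path (VirtualPath.Combine style)."""
    return reduce_path(base_path.rsplit("/", 1)[0] + "/" + relative)


def generate_client_url(content_path: str, request_path: str, raw_url: str, request_rewritten: bool) -> str:
    """Only a request flagged as rewritten gets its content path rebased from request_path onto raw_url."""
    if not request_rewritten:
        return content_path
    return combine(raw_url, make_relative(request_path, content_path))


def render_menu_script_url(headers: dict) -> tuple:
    """Model of the thread's request for /page/, served by an assumed internal template path."""
    request_path = "/Templates/Pages/Page.aspx"   # assumed internal rewrite target (constructed)
    content_path = "/Util/ContextMenu.js"          # assumed script the context menu links to (constructed)
    original = headers.get("X-Original-URL")
    raw_url = original if original else "/page/"   # header value becomes RawUrl (assumption)
    try:
        return ("200", generate_client_url(content_path, request_path, raw_url, original is not None))
    except ValueError as err:
        return ("500", str(err))
```

A header carrying a URL at least as deep as the internal template path resolves cleanly, which is why the failure depends on the header value being shallower than the rewritten request path rather than on its exact content.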

Thomas,
Did you manage to find a work-around for this?


I had to temporarily disable the right-click menu to get the sites to load without YSOD. I'm submitting a ticket to EPiServer support for this now.

#74047
Edited, Aug 19, 2013 16:47

EPiServer support supplied me with a hotfix for the following bug:

#88050: Menu Url creation for Shell modules may fail under certain circumstances

Applying this solved my issues.

#74164
Aug 21, 2013 16:03