fix(proxy-rewrite): query string discarded when use_real_request_uri_…

[YapWC]

…unsafe is true

When use_real_request_uri_unsafe is set to true, url that was requested with query string, arguments is not parsed. Expected to parse the arguments just like same default behavior when use_real_request_uri_unsafe is set to false.

The real issue lies in the fact that when use_real_request_uri_unsafe is set to true and conf.uri is provided, the core.utils.resolve_var output back an upstream uri that does not include query string. Therefore we need to concatenate the query string for the case if conf.uri is true.

Description

Which issue(s) this PR fixes:

Fixes #12623

Checklist

• I have explained the need for this PR and the problem it solves
• I have explained the changes or the new features added to this PR
• I have added tests corresponding to this change
• I have updated the documentation to reflect this change
• I have verified that this change is backward compatible (If not, please discuss on the APISIX mailing list first)

[Baoyuantop]

If the plugin only configures "use_real_request_uri_unsafe": true, it will cause the query to be concatenated repeatedly.

[YapWC]

Hi @Baoyuantop alright I think I understand what you mean. I think it is better for me to debug it line by line in this case. For your side normally how do you run debugging/printing code output?

[Baoyuantop]

Please simplify the comments.

[Copilot]

Pull request overview

Fixes proxy-rewrite behavior where the original request query string is dropped when use_real_request_uri_unsafe=true and conf.uri is set, aligning unsafe mode with the default (safe) behavior.

Changes:

• Update proxy-rewrite rewrite logic to preserve the query string when use_real_request_uri_unsafe=true and uri is configured.
• Add regression tests covering query preservation in unsafe mode.
• Extend/adjust tests around URI normalization behavior when unsafe mode is disabled.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File	Description
apisix/plugins/proxy-rewrite.lua	Appends the original query string when building upstream_uri from conf.uri in unsafe mode.
t/plugin/proxy-rewrite.t	Adds tests to verify query args are preserved when use_real_request_uri_unsafe=true and uri is rewritten.
t/plugin/proxy-rewrite3.t	Updates test descriptions and adds coverage for normalization behavior when unsafe mode is not enabled.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

When use_real_request_uri_unsafe is true and conf.uri already contains a query string (e.g. /path?x=1), concatenating .. query_string (which starts with ?) produces an invalid URI like /path?x=1?y=2. This also diverges from the non-unsafe branch which merges query params using ?/& logic. Please merge the extracted query into conf.uri the same way: if the resolved conf.uri already has ?, append & plus the extracted query without its leading ?; otherwise append it as-is. Add/adjust a test to cover conf.uri containing its own query when use_real_request_uri_unsafe=true.

Suggested change

	upstream_uri = core.utils.resolve_var(conf.uri, ctx.var, escape_separator) .. query_string
	local resolved_uri = core.utils.resolve_var(conf.uri, ctx.var, escape_separator)
	if query_string ~= "" then
	-- Merge extracted query string into resolved_uri:
	-- if resolved_uri already has a query part, append with '&',
	-- otherwise append the extracted query as-is.
	if str_find(resolved_uri, "?", 1, true) then
	upstream_uri = resolved_uri .. "&" .. sub_str(query_string, 2)
	else
	upstream_uri = resolved_uri .. query_string
	end
	else
	upstream_uri = resolved_uri
	end