Ideally you should always URL-encode your query parameters before sending your request to the server. Read: https://www.talisman.org/~erlkonig/misc/lunatech%5Ewhat-every-webdev-must-know-about-url-encoding/
If you want to go down the relaxedQueryChars route, note that the
following chars from your query are also in the set that you ought to
add to the exception:
" { } [ ] ^ |
Try this in your server.xml:
<Connector connectionTimeout="20000" port="8080" protocol="HTTP/1.1" redirectPort="8443" relaxedQueryChars='^{}[]|"' />
More insight into relaxedQueryChars/relaxedPathChars on the bug ticket 62273. The change was added to all branches of Tomat:
- 9.0.8
- 8.5.31
- 8.0.52
- 7.0.87
I don't think you need the relaxedPathChars attribute at all (this refers to characters on the URL path). However, the Tomcat team's test results seem to suggest that the following could be used for maximum backward-compatibility:
relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`"<>"
nb/ the first arg to your query should be demarcated by ? not &