Header has unallowed character % in value

I would like to make a call to twitter to fetch the latest tweets.

When I call the service, I want to use the Bearer token for authentication.
However, as the bearer token contains a “%”, the call fails with the error:

Header “Authorization” has unallowed character “%” in value “Bearer …oP4iw%3DoZ…”

I have shortened the token as it is a secret :slight_smile:

Here is the code I have:

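	local HttpService = game:GetService("HttpService")
	local headers = {["Authorization"] = "Bearer ..d4llaoP4iw%3DoZBnejRZSXvO..."}

	-- Use pcall in case something goes wrong
	local data
	local success, response = pcall(function ()
		-- Return the body so pcall hands it back as its second result
		local body = HttpService:GetAsync(URL_TWITTER, false, headers)
		data = HttpService:JSONDecode(body)
		return body
	end)
	-- On failure, response holds the error message; tostring guards against nil
	print("twitter1 " .. tostring(success) .. " - " .. tostring(response))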

I tried escaping the % with %% or %, but it did not help.

If you tried escaping the magic character and it didn’t work, maybe try using string.gsub instead?

	local formattedHeaders = headers["Authorization"]:gsub("%%", "")

This seems to get rid of the “%” in the string.

Have you tried HttpService:JSONEncode()ing headers?

1 Like

The problem is that I cannot just remove the % as it is part of the token and must be sent to the twitter server. Otherwise the authentication will fail.

For me it said that brackets were not allowed. Like what?

Edit: Take a look at this Table HttpService:RequestAsync(table request)

I don't know what to do about characters you can't use in headers.

It’s been a while since the last post on this thread was made, but did you find any solution? I’m getting the same error since I’m trying to use “_” inside of a header.

I’m having the same problem. I am trying to use ‘|’ inside a header with RequestAsync and it says the same error.

Has anyone here found a solution to the issue?

1 Like

Use a random character instead of an unacceptable character,
then in JavaScript, convert that random character in the following headers to an unacceptable character.

For example, in Lua, add a value to the headers; this value tells which character to put at which position in the string.

Code example:

	local headers = {auth="abcdefghijkamnapr",format_auth="12=percent,15=percent"}
	-- format_auth="12=percent,15=percent"

or

	local headers = {auth="abcdefghijkamnapr",format_auth=string.char(1+97)..string.char(2+97).."=percent"}
	-- format_auth="bc=percent" -- you can convert bc string to number

	-- on javascript, result: auth= "abcdefghijk%mn%pr"

For anyone wanting to get the % in through your request, just use the following code:

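	-- Decode each %XX escape back to its character (e.g. "%3D" becomes "=")
	local function FixPercentage(Token)
		-- Parentheses drop gsub's second return value (the match count)
		return (Token:gsub("%%%x%x", function(match)
			return string.char(tonumber(match:sub(2), 16))
		end))
	end

	local Token = FixPercentage("yourtokenwith%")
	-- call requestasync function as normal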

Found this piece of code from As8D. Something relating to hexadecimal code, not quite sure, but this allowed me to send a successful request to Twitter.

8 Likes
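
Added example (not part of the thread and not any poster's code): the percent-decode step from the last post, followed by a check on the decoded token before it goes into the Authorization header, since decoding can also produce characters such as CR/LF that must never reach a header value. The URL and token are constructed placeholders, and the character check is this example's own conservative rule, not Roblox's documented one.

```lua
local HttpService = game:GetService("HttpService")

-- Decode %XX escapes (e.g. "%3D" -> "=") and return only the string.
local function percentDecode(value)
	return (value:gsub("%%(%x%x)", function(hex)
		return string.char(tonumber(hex, 16))
	end))
end

-- Conservative rule chosen for this example (an assumption, not Roblox's rule):
-- accept only visible ASCII "!" to "~", and no "%" left over after decoding.
local function isSafeToken(token)
	return #token > 0
		and token:find("[^!-~]") == nil      -- rejects CR, LF, spaces, non-ASCII
		and token:find("%", 1, true) == nil  -- plain-text search for a stray "%"
end

local function buildAuthHeaders(encodedToken)
	local token = percentDecode(encodedToken)
	if not isSafeToken(token) then
		-- Keep the secret out of the error text and the logs.
		error("bearer token has characters that are not valid in a header value")
	end
	return { ["Authorization"] = "Bearer " .. token }
end

-- Returns true and the decoded JSON, or false and an error message.
local function fetchJson(url, encodedToken)
	return pcall(function()
		local response = HttpService:RequestAsync({
			Url = url,
			Method = "GET",
			Headers = buildAuthHeaders(encodedToken),
		})
		if not response.Success then
			error("HTTP " .. response.StatusCode .. " " .. response.StatusMessage)
		end
		return HttpService:JSONDecode(response.Body)
	end)
end

-- Constructed values for illustration only.
local ok, result = fetchJson("https://api.example.com/tweets", "abc123%3Ddef456")
print(ok, ok and "decoded JSON received" or result)
```

A token such as "abc%0D%0AX-Injected: 1" decodes to text containing CR/LF and is rejected by `isSafeToken` before any request is made.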