Software dev, tech, mind hacks and the occasional personal bit

Fixing ‘Invalid query parameters: invalid %-encoding’ in a Rails App

Sometimes users manually edit query strings in the address bar, and make requests that have invalid encodings. Unfortunately Rails does not handle this neatly and the exception bubbles up. Eg,

ActionView::Template::Error: Invalid query parameters: invalid %-encoding (%2Fsearch%2Fall%Forder%3Ddescending%26page%3D5%26sort%3Dcreated_at)

/rack/lib/rack/utils.rb:127:in `rescue in parse_nested_query'

[Note: This was with Passenger, which passed the request through to the app – your mileage may vary with other servers]

In the case of my app, these corrupted query strings are not that important, but users are receiving 500 server error pages. Sometimes they end up with a bad query string URL cached in browser history, so they keep going back to it rather than to the home page.

A simple solution, that gives a good user experience for my app, is to simply drop the query string on a request completely if it has invalid encoding. See my implementation using Rack middleware below:


Doing a Website Re-design or new look


“The Magic of Thinking Big” by David Schwartz


  1. Giedrius


    Thanks for the post. Do you include this middleware anywhere among others or is it important to have it before any or after any other middleware?

  2. James

    Hi Giedrius

    I added it before Rack::Runtime, like so:

    config.middleware.insert_before Rack::Runtime, HandleBadEncodingMiddleware

    so the bad encoding wouldn’t get to Rack middleware.


  3. iamse7en

    Ever since I updated to Rails 5 yesterday, there’s been some annoying bot that is testing all kinds of weird parameters. I have an exception notifier gem, and I was hit with like 200 emails in the space of an hour. It was driving my bananas.

    Here was the error:

    An ActionController::BadRequest occurred in games#index:

    Invalid query parameters: expected Hash (got Array) for param `league’


    I googled and googled. Could not figure out how to make it stop! Thank you for this code! I created app/middleware/handle_bad_encoding_middleware.rb, copied and pasted your code, then added config.middleware.use HandleBadEncodingMiddleware just above my ExceptionNotification line. Beautiful! No more emails for that! That stupid bot can stop bothering me now. And I still get emails for real exceptions, ones that I need to monitor and fix.

  4. Infinity

    You are a life saviour man!!!

Leave a Reply

Your email address will not be published. Required fields are marked *

Powered by WordPress & Theme by Anders Norén