couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Martin Higham (Created) (JIRA)" <j...@apache.org>
Subject [jira] [Created] (COUCHDB-1321) Vars in Rewrite rules break OAuth authentication
Date Fri, 28 Oct 2011 14:53:32 GMT
Vars in Rewrite rules break OAuth authentication
------------------------------------------------

                 Key: COUCHDB-1321
                 URL: https://issues.apache.org/jira/browse/COUCHDB-1321
             Project: CouchDB
          Issue Type: Bug
          Components: HTTP Interface
    Affects Versions: 1.1
         Environment: Ubuntu
            Reporter: Martin Higham
            Priority: Minor


When a rewrite rule containing a var ( such as /:name/myfunction ) matches an incoming request
then an additional query param gets created. Unfortunately this new query param gets included
in the Signature Base String when the OAuth code generates its version of the request signature
to validate the incoming request it causing authentication to fail.

To fix this isn't straightforward. When a VHost is configured there is a handy copy of the
original URL in (x-couchdb-vhost-path) that can be used to generate the Signature Base String,
unfortunately if there isn't a VHost no such copy exists.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message