Return-Path: X-Original-To: apmail-couchdb-dev-archive@www.apache.org Delivered-To: apmail-couchdb-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id A7AEE7454 for ; Fri, 28 Oct 2011 14:55:54 +0000 (UTC) Received: (qmail 88633 invoked by uid 500); 28 Oct 2011 14:55:53 -0000 Delivered-To: apmail-couchdb-dev-archive@couchdb.apache.org Received: (qmail 88591 invoked by uid 500); 28 Oct 2011 14:55:53 -0000 Mailing-List: contact dev-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@couchdb.apache.org Delivered-To: mailing list dev@couchdb.apache.org Received: (qmail 88554 invoked by uid 99); 28 Oct 2011 14:55:53 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 28 Oct 2011 14:55:53 +0000 X-ASF-Spam-Status: No, hits=-2000.5 required=5.0 tests=ALL_TRUSTED,RP_MATCHES_RCVD X-Spam-Check-By: apache.org Received: from [140.211.11.116] (HELO hel.zones.apache.org) (140.211.11.116) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 28 Oct 2011 14:55:52 +0000 Received: from hel.zones.apache.org (hel.zones.apache.org [140.211.11.116]) by hel.zones.apache.org (Postfix) with ESMTP id D3A6C324843 for ; Fri, 28 Oct 2011 14:53:32 +0000 (UTC) Date: Fri, 28 Oct 2011 14:53:32 +0000 (UTC) From: "Martin Higham (Created) (JIRA)" To: dev@couchdb.apache.org Message-ID: <659274089.31752.1319813612868.JavaMail.tomcat@hel.zones.apache.org> Subject: [jira] [Created] (COUCHDB-1321) Vars in Rewrite rules break OAuth authentication MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 Vars in Rewrite rules break OAuth authentication ------------------------------------------------ Key: COUCHDB-1321 URL: https://issues.apache.org/jira/browse/COUCHDB-1321 Project: CouchDB Issue Type: Bug Components: HTTP Interface Affects Versions: 1.1 Environment: Ubuntu Reporter: Martin Higham Priority: Minor When a rewrite rule containing a var ( such as /:name/myfunction ) matches an incoming request then an additional query param gets created. Unfortunately this new query param gets included in the Signature Base String when the OAuth code generates its version of the request signature to validate the incoming request it causing authentication to fail. To fix this isn't straightforward. When a VHost is configured there is a handy copy of the original URL in (x-couchdb-vhost-path) that can be used to generate the Signature Base String, unfortunately if there isn't a VHost no such copy exists. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira