couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Klaus Trainer (Updated) (JIRA)" <>
Subject [jira] [Updated] (COUCHDB-1321) Vars in Rewrite rules break OAuth authentication
Date Sat, 12 Nov 2011 23:51:51 GMT


Klaus Trainer updated COUCHDB-1321:

    Attachment: 0001-Fix-OAuth-that-broke-with-parameters-in-rewrites.patch

> For completeness sake, do you want to add a test for COUCHDB-1320 as well, so we can
close both in one go?

I definitely want to add a test for COUCHDB-1320 (see my comment there). As I don't know when
I can come up with that, and those are two issues anyway, I would suggest to first apply the
fix, and the test case for COUCHDB-1320 separately when there is one available.

> And can you split out the whitespace changes to a separate patch? While minimal, we better
commit them separately.

Yeah, I've replaced the patch with a whitespace-change-free version. If nobody else does first,
and when a certain annoyance-threshold has been exceeded, I'll create a separate issue and
submit a patch that removes trailing white spaces from the entire code base ;)
> Vars in Rewrite rules break OAuth authentication
> ------------------------------------------------
>                 Key: COUCHDB-1321
>                 URL:
>             Project: CouchDB
>          Issue Type: Bug
>          Components: HTTP Interface
>    Affects Versions: 1.1
>         Environment: Ubuntu
>            Reporter: Martin Higham
>            Priority: Minor
>         Attachments: 0001-Fix-OAuth-that-broke-with-parameters-in-rewrites.patch
> When a rewrite rule containing a var ( such as /:name/myfunction ) matches an incoming
request then an additional query param gets created. Unfortunately this new query param gets
included in the Signature Base String when the OAuth code generates its version of the request
signature to validate the incoming request it causing authentication to fail.
> To fix this isn't straightforward. When a VHost is configured there is a handy copy of
the original URL in (x-couchdb-vhost-path) that can be used to generate the Signature Base
String, unfortunately if there isn't a VHost no such copy exists.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message