couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Adrian Aichner (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (COUCHDB-2469) Unauthorized access via apache reverse proxy drops path component
Date Wed, 19 Nov 2014 20:19:34 GMT

     [ https://issues.apache.org/jira/browse/COUCHDB-2469?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Adrian Aichner updated COUCHDB-2469:
------------------------------------
    Description: 
I use this apache reverse proxy setting
        ProxyPass /db/ http://0.0.0.0:5984/ nocanon
        ProxyPassReverse /db/ http://0.0.0.0:5984/
because I was not able to get firefox https access to work with self-signed certificate on
port 6984.

While futon handles this fine, redirecting me to
https://my.server/db/_session
for auth, fauxton drops the /db/ components, gets 404 on
https://my.server/_session
with no way to recover from #noAccess:

GET https://my.server/db/_utils/fauxton/js/require.js [HTTP/1.1 200 OK 5734ms]
mutating the [[Prototype]] of an object will cause your code to run very slowly; instead create
the object with the correct initial [[Prototype]] value using Object.create require.js:12:31617
GET https://my.server/_session [HTTP/1.1 404 Not Found 31ms]


  was:
I use this apache reverse proxy setting
        ProxyPass /db/ http://0.0.0.0:5984/ nocanon
        ProxyPassReverse /db/ http://0.0.0.0:5984/
because I was not able to get firefox https access to work with self-signed certificate on
port 6984.

While futon handles this fine, redirecting me to
https://apa.selfhost.eu/db/_session
for auth, fauxton drops the /db/ components, gets 404 on
https://apa.selfhost.eu/_session
with no way to recover from #noAccess:

GET https://my.server/db/_utils/fauxton/js/require.js [HTTP/1.1 200 OK 5734ms]
mutating the [[Prototype]] of an object will cause your code to run very slowly; instead create
the object with the correct initial [[Prototype]] value using Object.create require.js:12:31617
GET https://my.server/_session [HTTP/1.1 404 Not Found 31ms]



> Unauthorized access via apache reverse proxy drops path component
> -----------------------------------------------------------------
>
>                 Key: COUCHDB-2469
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2469
>             Project: CouchDB
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: Fauxton, HTTP Interface
>            Reporter: Adrian Aichner
>
> I use this apache reverse proxy setting
>         ProxyPass /db/ http://0.0.0.0:5984/ nocanon
>         ProxyPassReverse /db/ http://0.0.0.0:5984/
> because I was not able to get firefox https access to work with self-signed certificate
on port 6984.
> While futon handles this fine, redirecting me to
> https://my.server/db/_session
> for auth, fauxton drops the /db/ components, gets 404 on
> https://my.server/_session
> with no way to recover from #noAccess:
> GET https://my.server/db/_utils/fauxton/js/require.js [HTTP/1.1 200 OK 5734ms]
> mutating the [[Prototype]] of an object will cause your code to run very slowly; instead
create the object with the correct initial [[Prototype]] value using Object.create require.js:12:31617
> GET https://my.server/_session [HTTP/1.1 404 Not Found 31ms]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message