couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Kowalski (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (COUCHDB-2469) Unauthorized access via apache reverse proxy drops path component
Date Wed, 10 Dec 2014 11:12:13 GMT

     [ https://issues.apache.org/jira/browse/COUCHDB-2469?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Robert Kowalski resolved COUCHDB-2469.
--------------------------------------
    Resolution: Fixed
      Assignee: Robert Kowalski

Hi Adrian,

the first error from the JavaScript console is not related to the problem. (the prototype
warning)

Regarding the path to _session: the new Fauxton Webinterface posts directly to the _session
endpoint at _session (see http://wiki.apache.org/couchdb/Session_API) and not /db/_session.

I am not an expert in Apache rules but I think you have to add a rule or modify the existing
one. (probably remove the "db/") so we can reach /_session at "http://0.0.0.0:5984/_session"

If you want to definitely use /db/ as the root for Fauxton you can play with the app.root
and app.host in https://github.com/apache/couchdb-fauxton/blob/master/settings.json.default
and create and deploy a custom Fauxton build.

See also https://issues.apache.org/jira/browse/COUCHDB-2403

> Unauthorized access via apache reverse proxy drops path component
> -----------------------------------------------------------------
>
>                 Key: COUCHDB-2469
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2469
>             Project: CouchDB
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: Fauxton, HTTP Interface
>            Reporter: Adrian Aichner
>            Assignee: Robert Kowalski
>
> I use this apache reverse proxy setting
>         ProxyPass /db/ http://0.0.0.0:5984/ nocanon
>         ProxyPassReverse /db/ http://0.0.0.0:5984/
> because I was not able to get firefox https access to work with self-signed certificate
on port 6984.
> While futon handles this fine, redirecting me to
> https://my.server/db/_session
> for auth, fauxton drops the /db/ components, gets 404 on
> https://my.server/_session
> with no way to recover from #noAccess:
> GET https://my.server/db/_utils/fauxton/js/require.js [HTTP/1.1 200 OK 5734ms]
> mutating the [[Prototype]] of an object will cause your code to run very slowly; instead
create the object with the correct initial [[Prototype]] value using Object.create require.js:12:31617
> GET https://my.server/_session [HTTP/1.1 404 Not Found 31ms]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message