couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Anthony Ananich <anton.anan...@inpun.com>
Subject Re: _session + vhost + rewrites
Date Wed, 20 Mar 2013 13:21:56 GMT
Good to know this. Thanks!

On Wed, Mar 20, 2013 at 3:50 PM, Benoit Chesneau <bchesneau@gmail.com> wrote:
> On Wed, Mar 20, 2013 at 5:26 AM, Anthony Ananich
> <anton.ananich@inpun.com> wrote:
>> I think I've found an answer. It seems that while using vhost
>> /_session handler is available in the root of vhost independent on if
>> there are any rewrite rules or not.
>>
>> I was not able to find any documentation about that, so I'm not sure
>> if it is bug or feature :)
>
> It's a feature, see in the section [httpd] of default.ini:
>
> vhost_global_handlers = _utils, _uuids, _session, _oauth, _users
>
> - benoƮt
>
>
>>
>> On Wed, Mar 20, 2013 at 3:18 PM, Robert Newson <rnewson@apache.org> wrote:
>>> Hm, not without a code change, I think. The secure rewrites setting is
>>> to prevent a rewrite jumping between databases. At first glance it
>>> does seem an overreach to block a rewrite to _session (and presumably
>>> anything else at the top level).
>>>
>>> B.
>>>
>>> On 20 March 2013 12:13, Anthony Ananich <anton.ananich@inpun.com> wrote:
>>>> Hi!
>>>>
>>>> I'm trying to make _session handler accessible via url like
>>>> http://mysite.com/_session while using rewrite rules. I get the
>>>> following error:
>>>> {"error":"insecure_rewrite_rule","reason":"too many ../.. segments"}
>>>>
>>>> I found that it could be fixed with adding this to an ini file:
>>>> [httpd]
>>>> secure_rewrites = false
>>>>
>>>> Is there a way to allow _session without disabling secure_rewrites?
>>>>
>>>> Thanks,
>>>> Anthony

Mime
View raw message