couchdb-user mailing list archives

From Jeff Charette <ioma...@yahoo.com>
Subject Re: _session + vhost + rewrites
Date Thu, 21 Mar 2013 00:09:47 GMT
+1

Jeff Charette | Principal 
We Are Charette
web / identity / packaging

m  415.298.2707
w  wearecharette.com
e   jeffrey@wearecharette.com

On Mar 20, 2013, at 9:21 AM, Anthony Ananich <anton.ananich@inpun.com> wrote:

> Good to know this. Thanks!
> 
> On Wed, Mar 20, 2013 at 3:50 PM, Benoit Chesneau <bchesneau@gmail.com> wrote:
>> On Wed, Mar 20, 2013 at 5:26 AM, Anthony Ananich
>> <anton.ananich@inpun.com> wrote:
>>> I think I've found an answer. It seems that while using a vhost, the
>>> /_session handler is available in the root of the vhost, independent of
>>> whether there are any rewrite rules or not.
>>> 
>>> I was not able to find any documentation about that, so I'm not sure
>>> if it is a bug or a feature :)
>> 
>> It's a feature, see in the section [httpd] of default.ini:
>> 
>> vhost_global_handlers = _utils, _uuids, _session, _oauth, _users
>> 
>> - benoît
>> 
>> 
>>> 
>>> On Wed, Mar 20, 2013 at 3:18 PM, Robert Newson <rnewson@apache.org> wrote:
>>>> Hm, not without a code change, I think. The secure rewrites setting is
>>>> to prevent a rewrite jumping between databases. At first glance it
>>>> does seem an overreach to block a rewrite to _session (and presumably
>>>> anything else at the top level).
>>>> 
>>>> B.
>>>> 
>>>> On 20 March 2013 12:13, Anthony Ananich <anton.ananich@inpun.com> wrote:
>>>>> Hi!
>>>>> 
>>>>> I'm trying to make the _session handler accessible via a URL like
>>>>> http://mysite.com/_session while using rewrite rules. I get the
>>>>> following error:
>>>>> {"error":"insecure_rewrite_rule","reason":"too many ../.. segments"}
>>>>> 
>>>>> I found that it could be fixed by adding this to an ini file:
>>>>> [httpd]
>>>>> secure_rewrites = false
>>>>> 
>>>>> Is there a way to allow _session without disabling secure_rewrites?
>>>>> 
>>>>> Thanks,
>>>>> Anthony
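
A configuration check for the outcome of this thread, added here as an example and not written by any of the posters or by the CouchDB project: it layers ini files the way default.ini and local.ini are layered, then reports when `secure_rewrites` has been turned off or when `_session` is missing from `vhost_global_handlers` while vhosts are defined. The ini contents, the vhost path and the `audit` helper are constructed for illustration.

```python
import configparser

# Constructed sample configs (not from the thread).
DEFAULT_INI = """
[httpd]
secure_rewrites = true
vhost_global_handlers = _utils, _uuids, _session, _oauth, _users
"""

# The workaround from the original question: protection switched off.
LOCAL_INI_WEAK = """
[httpd]
secure_rewrites = false

[vhosts]
mysite.com = /app/_design/site/_rewrite
"""

# The outcome of the thread: leave secure_rewrites alone, rely on the
# global handlers so /_session is served at the vhost root.
LOCAL_INI_OK = """
[vhosts]
mysite.com = /app/_design/site/_rewrite
"""


def audit(*ini_texts, needed=("_session",)):
    """Layer ini texts in order (later wins) and return a list of findings."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None,
                                   strict=False)
    cp.optionxform = str  # keep key case as written
    for text in ini_texts:
        cp.read_string(text)
    findings = []
    # Assumption: an unset value behaves like the "true" shipped in default.ini.
    secure = cp.get("httpd", "secure_rewrites", fallback="true").strip().lower()
    if secure != "true":
        findings.append("secure_rewrites is disabled: "
                        "a rewrite can jump between databases")
    raw = cp.get("httpd", "vhost_global_handlers", fallback="")
    handlers = {h.strip() for h in raw.split(",") if h.strip()}
    if cp.has_section("vhosts") and cp.options("vhosts"):
        for h in needed:
            if h not in handlers:
                findings.append(f"{h} is not in vhost_global_handlers: "
                                "not served at the vhost root")
    return findings
```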

