incubator-couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Martin Higham (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (COUCHDB-1321) Vars in Rewrite rules break OAuth authentication
Date Wed, 02 Nov 2011 13:47:32 GMT

    [ https://issues.apache.org/jira/browse/COUCHDB-1321?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13142152#comment-13142152
] 

Martin Higham commented on COUCHDB-1321:
----------------------------------------

In the commit at https://github.com/ocastalabs/couchdb/commit/dc0106364605722cbc0935e92cff5e3ec01a7b1a
I fixed this for cases where a vhost is set, and therefore x-couchdb-vhost-path is set. I
don't understand enough about CouchDB internal http request handling to work out how to always
make sure there is a copy of the original request available. 

There probably aren't too many cases where rewrite rules are used without a vhost
                
> Vars in Rewrite rules break OAuth authentication
> ------------------------------------------------
>
>                 Key: COUCHDB-1321
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-1321
>             Project: CouchDB
>          Issue Type: Bug
>          Components: HTTP Interface
>    Affects Versions: 1.1
>         Environment: Ubuntu
>            Reporter: Martin Higham
>            Priority: Minor
>
> When a rewrite rule containing a var ( such as /:name/myfunction ) matches an incoming
request then an additional query param gets created. Unfortunately this new query param gets
included in the Signature Base String when the OAuth code generates its version of the request
signature to validate the incoming request it causing authentication to fail.
> To fix this isn't straightforward. When a VHost is configured there is a handy copy of
the original URL in (x-couchdb-vhost-path) that can be used to generate the Signature Base
String, unfortunately if there isn't a VHost no such copy exists.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message