incubator-couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Robert Newson <rnew...@apache.org>
Subject Re: _session + vhost + rewrites
Date Wed, 20 Mar 2013 12:18:04 GMT
Hm, not without a code change, I think. The secure rewrites setting is
to prevent a rewrite jumping between databases. At first glance it
does seem an overreach to block a rewrite to _session (and presumably
anything else at the top level).

B.

On 20 March 2013 12:13, Anthony Ananich <anton.ananich@inpun.com> wrote:
> Hi!
>
> I'm trying to make _session handler accessible via url like
> http://mysite.com/_session while using rewrite rules. I get the
> following error:
> {"error":"insecure_rewrite_rule","reason":"too many ../.. segments"}
>
> I found that it could be fixed with adding this to an ini file:
> [httpd]
> secure_rewrites = false
>
> Is there a way to allow _session without disabling secure_rewrites?
>
> Thanks,
> Anthony

Mime
View raw message