You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@couchdb.apache.org by "Robert Newson (JIRA)" <ji...@apache.org> on 2015/08/19 17:41:46 UTC
[jira] [Created] (COUCHDB-2781) Don't pass CSRF cookie to
_replicate
Robert Newson created COUCHDB-2781:
--------------------------------------
Summary: Don't pass CSRF cookie to _replicate
Key: COUCHDB-2781
URL: https://issues.apache.org/jira/browse/COUCHDB-2781
Project: CouchDB
Issue Type: Bug
Security Level: public (Regular issues)
Reporter: Robert Newson
If you use a local dbname for source and target chttpd will expand this to a url, including the cookie header. This was fine when we just had AuthSession but CSRF header will be included, and that breaks replication.
Instead, just pass the AuthSession cookie if found.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)