You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@couchdb.apache.org by "Jan Lehnardt (Closed) (JIRA)" <ji...@apache.org> on 2011/11/13 13:31:56 UTC
[jira] [Closed] (COUCHDB-1321) Vars in Rewrite rules break OAuth
authentication
[ https://issues.apache.org/jira/browse/COUCHDB-1321?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jan Lehnardt closed COUCHDB-1321.
---------------------------------
Resolution: Fixed
Fix Version/s: 1.3
1.2
@Klaus, agreed. Applied, thanks :)
> Vars in Rewrite rules break OAuth authentication
> ------------------------------------------------
>
> Key: COUCHDB-1321
> URL: https://issues.apache.org/jira/browse/COUCHDB-1321
> Project: CouchDB
> Issue Type: Bug
> Components: HTTP Interface
> Affects Versions: 1.1
> Environment: Ubuntu
> Reporter: Martin Higham
> Priority: Minor
> Fix For: 1.2, 1.3
>
> Attachments: 0001-Fix-OAuth-that-broke-with-parameters-in-rewrites.patch
>
>
> When a rewrite rule containing a var ( such as /:name/myfunction ) matches an incoming request then an additional query param gets created. Unfortunately this new query param gets included in the Signature Base String when the OAuth code generates its version of the request signature to validate the incoming request it causing authentication to fail.
> To fix this isn't straightforward. When a VHost is configured there is a handy copy of the original URL in (x-couchdb-vhost-path) that can be used to generate the Signature Base String, unfortunately if there isn't a VHost no such copy exists.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira