You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@couchdb.apache.org by "Robert Newson (JIRA)" <ji...@apache.org> on 2015/08/19 20:54:45 UTC
[jira] [Resolved] (COUCHDB-2781) Don't pass CSRF cookie to
_replicate
[ https://issues.apache.org/jira/browse/COUCHDB-2781?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Newson resolved COUCHDB-2781.
------------------------------------
Resolution: Fixed
Fix Version/s: 2.0.0
> Don't pass CSRF cookie to _replicate
> ------------------------------------
>
> Key: COUCHDB-2781
> URL: https://issues.apache.org/jira/browse/COUCHDB-2781
> Project: CouchDB
> Issue Type: Bug
> Security Level: public(Regular issues)
> Reporter: Robert Newson
> Fix For: 2.0.0
>
>
> If you use a local dbname for source and target chttpd will expand this to a url, including the cookie header. This was fine when we just had AuthSession but CSRF header will be included, and that breaks replication.
> Instead, just pass the AuthSession cookie if found.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)