You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@couchdb.apache.org by "Robert Newson (JIRA)" <ji...@apache.org> on 2015/08/19 20:54:45 UTC

[jira] [Resolved] (COUCHDB-2781) Don't pass CSRF cookie to _replicate

     [ https://issues.apache.org/jira/browse/COUCHDB-2781?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robert Newson resolved COUCHDB-2781.
------------------------------------
       Resolution: Fixed
    Fix Version/s: 2.0.0

> Don't pass CSRF cookie to _replicate
> ------------------------------------
>
>                 Key: COUCHDB-2781
>                 URL: https://issues.apache.org/jira/browse/COUCHDB-2781
>             Project: CouchDB
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>            Reporter: Robert Newson
>             Fix For: 2.0.0
>
>
> If you use a local dbname for source and target chttpd will expand this to a url, including the cookie header. This was fine when we just had AuthSession but CSRF header will be included, and that breaks replication.
> Instead, just pass the AuthSession cookie if found.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)