Uploaded image for project: 'CouchDB'
  1. CouchDB
  2. COUCHDB-1321

Vars in Rewrite rules break OAuth authentication

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: 1.1
    • Fix Version/s: 1.2, 1.3
    • Component/s: HTTP Interface
    • Labels:
      None
    • Environment:

      Ubuntu

      Description

      When a rewrite rule containing a var ( such as /:name/myfunction ) matches an incoming request then an additional query param gets created. Unfortunately this new query param gets included in the Signature Base String when the OAuth code generates its version of the request signature to validate the incoming request it causing authentication to fail.

      To fix this isn't straightforward. When a VHost is configured there is a handy copy of the original URL in (x-couchdb-vhost-path) that can be used to generate the Signature Base String, unfortunately if there isn't a VHost no such copy exists.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              mhigham Martin Higham
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: