Adrian Aichner created COUCHDB-2469:
---------------------------------------
Summary: Unauthorized access via apache reverse proxy drops path
component
Key: COUCHDB-2469
URL: https://issues.apache.org/jira/browse/COUCHDB-2469
Project: CouchDB
Issue Type: Bug
Security Level: public (Regular issues)
Components: Fauxton, HTTP Interface
Reporter: Adrian Aichner
I use this apache reverse proxy setting
ProxyPass /db/ http://0.0.0.0:5984/ nocanon
ProxyPassReverse /db/ http://0.0.0.0:5984/
because I was not able to get firefox https access to work with self-signed
certificate on port 6984.
While futon handles this fine, redirecting me to
https://apa.selfhost.eu/db/_session
for auth, fauxton drops the /db/ components, gets 404 on
https://apa.selfhost.eu/_session
with no way to recover from #noAccess:
GET https://my.server/db/_utils/fauxton/js/require.js [HTTP/1.1 200 OK 5734ms]
mutating the [[Prototype]] of an object will cause your code to run very
slowly; instead create the object with the correct initial [[Prototype]] value
using Object.create require.js:12:31617
GET https://my.server/_session [HTTP/1.1 404 Not Found 31ms]
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
