[
https://issues.apache.org/jira/browse/SHINDIG-211?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Brian Eaton updated SHINDIG-211:
--------------------------------
Attachment: signed-fetch-legal-chars.patch
> signed fetcher too paranoid
> ---------------------------
>
> Key: SHINDIG-211
> URL: https://issues.apache.org/jira/browse/SHINDIG-211
> Project: Shindig
> Issue Type: Bug
> Reporter: Brian Eaton
> Attachments: signed-fetch-legal-chars.patch
>
>
> Symptom: somebody complains that their makeRequest doesn't verify properly or
> that parameters are missing.
> Root cause: SigningFetcher is overly paranoid about signing parameters with
> weird characters in the names.
> Source of confusion: Instead of throwing an exception when it can't sign a
> message, SigningFetcher either removes the invalid parameter entirely (query
> string) or leaves the parameter out of the signature base string (post body).
> I've made SigningFetcher less paranoid, and also made it throw exceptions
> early on if a request contains invalid query or post parameters.
> Some subset of requests that used to "work" with invalid signatures or
> missing parameters will now fail. Early/obvious failures are better than
> late/subtle ones.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
