View Issue Details

IDProjectCategoryView StatusLast Update
0001715Anope Stable (2.0.x series)Generalpublic2018-03-27 03:19
Reporterlinuxdaemon Assigned ToAdam  
PrioritynormalSeverityminorReproducibilitysometimes
Status resolvedResolutionfixed 
Summary0001715: Header parsing in webcpanel is not case-insensitive
DescriptionIf a browser sends a cookie header as 'cookie: data' instead of 'Cookie: data', the web panel does not parse it as a cookie. Header names should be parsed case-insensitively. If a browser sends a cookie in this fashion, the user is unable to log in at all.
Steps To Reproduce1. Get your cookie data from a valid login to the anope web panel
2. curl 'anope.my.website/nickserv/info' -H 'cookie: data' --location
3. You will be redirected to 'anope.my.website' due to not being logged in.
Additional InformationGoogle Chrome (Version 64.0.3282.186 (Official Build) (64-bit)) appears to send the cookie header in this fashion, causing a user to be unable to log in to the web panel.
Tagswebcpanel

Activities

Adam

2018-03-27 03:19

administrator   ~0006852

Fixed in d25722ddd0766cba2c33614e326d241d3f1f7eeb

linuxdaemon

2018-03-04 01:13

reporter   ~0006851

See: https://github.com/elm-lang/http/issues/31
It appears this is planned for more browsers and will become standard.

Issue History

Date Modified Username Field Change
2018-03-04 01:09 linuxdaemon New Issue
2018-03-04 01:09 linuxdaemon Tag Attached: webcpanel
2018-03-04 01:13 linuxdaemon Note Added: 0006851
2018-03-27 03:19 Adam Note Added: 0006852
2018-03-27 03:19 Adam Status new => resolved
2018-03-27 03:19 Adam Resolution open => fixed
2018-03-27 03:19 Adam Assigned To => Adam