| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] |
| ID | Project | Category | View Status | Date Submitted | Last Update |
| 0001715 | Anope Stable (2.0.x series) | [All Projects] General | public | 2018-03-04 01:09 | 2018-03-27 03:19 |
|
| Reporter | linuxdaemon | |
| Assigned To | Adam | |
| Priority | normal | Severity | minor | Reproducibility | sometimes |
| Status | resolved | Resolution | fixed | |
| Platform | | OS | | OS Version | |
|
| Summary | 0001715: Header parsing in webcpanel is not case-insensitive |
| Description | If a browser sends a cookie header as 'cookie: data' instead of 'Cookie: data', the web panel does not parse it as a cookie. Header names should be parsed case-insensitively. If a browser sends a cookie in this fashion, the user is unable to log in at all. |
| Steps To Reproduce | 1. Get your cookie data from a valid login to the anope web panel
2. curl 'anope.my.website/nickserv/info' -H 'cookie: data' --location
3. You will be redirected to 'anope.my.website' due to not being logged in. |
| Additional Information | Google Chrome (Version 64.0.3282.186 (Official Build) (64-bit)) appears to send the cookie header in this fashion, causing a user to be unable to log in to the web panel. |
| Tags | webcpanel |
|
| Attached Files | |
|
Relationships 
Relationships 