View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001715 | Anope Stable (2.0.x series) | General | public | 2018-03-04 01:09 | 2018-03-27 03:19 |
Reporter | linuxdaemon | Assigned To | Adam | ||
Priority | normal | Severity | minor | Reproducibility | sometimes |
Status | resolved | Resolution | fixed | ||
Summary | 0001715: Header parsing in webcpanel is not case-insensitive | ||||
Description | If a browser sends a cookie header as 'cookie: data' instead of 'Cookie: data', the web panel does not parse it as a cookie. Header names should be parsed case-insensitively. If a browser sends a cookie in this fashion, the user is unable to log in at all. | ||||
Steps To Reproduce | 1. Get your cookie data from a valid login to the anope web panel 2. curl 'anope.my.website/nickserv/info' -H 'cookie: data' --location 3. You will be redirected to 'anope.my.website' due to not being logged in. | ||||
Additional Information | Google Chrome (Version 64.0.3282.186 (Official Build) (64-bit)) appears to send the cookie header in this fashion, causing a user to be unable to log in to the web panel. | ||||
Tags | webcpanel | ||||
|
Fixed in d25722ddd0766cba2c33614e326d241d3f1f7eeb |
|
See: https://github.com/elm-lang/http/issues/31 It appears this is planned for more browsers and will become standard. |
Date Modified | Username | Field | Change |
---|---|---|---|
2018-03-04 01:09 | linuxdaemon | New Issue | |
2018-03-04 01:09 | linuxdaemon | Tag Attached: webcpanel | |
2018-03-04 01:13 | linuxdaemon | Note Added: 0006851 | |
2018-03-27 03:19 | Adam | Note Added: 0006852 | |
2018-03-27 03:19 | Adam | Status | new => resolved |
2018-03-27 03:19 | Adam | Resolution | open => fixed |
2018-03-27 03:19 | Adam | Assigned To | => Adam |