StoRM / STOR-1197

StoRM Webdav should drop Authorization header in TPC redirects


    • Bug
    • Resolution: Fixed
    • Major
    • 1.11.18
    • None
    • webdav
    • Security Level: Public (Visible by non-authn users.)
    • None

      Citing Paul Millar:
      "It is a fairly well established convention that an HTTP client should drop the Authorization HTTP request header from subsequent requests if the server replies with a redirection (30x) status code. It is expected that any authorisation needed for the subsequent request is handled by the redirecting server (e.g., by including an authz token in the redirection URL)."

      StoRM uses the Commons HTTP Client library which, by default, includes the header in the redirect.
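
The behaviour described in this issue, reproduced as an added example with Python's standard `urllib.request` rather than the Java HTTP client StoRM uses (it is not StoRM's code or its fix): the stock redirect handler copies `Authorization` into the follow-up request, and a small subclass drops it. The host names, token values and the `redirected_headers` and `make_opener` helpers are constructed for illustration.

```python
import urllib.request

# Constructed sample values: hosts and tokens are placeholders, not from the issue.
SOURCE_URL = "https://source.example.org/webdav/data/file.dat"
REDIRECT_URL = "https://pool01.example.org/data/file.dat?authz=CONSTRUCTED-TOKEN"
SENSITIVE_HEADERS = ("authorization",)


class DropAuthorizationRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Follow 30x redirects without replaying the caller's credentials."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        new_req = super().redirect_request(req, fp, code, msg, headers, newurl)
        if new_req is None:
            return None
        # Request stores header names capitalized ("Authorization"), so compare
        # case-insensitively and remove whatever spelling is present.
        for name in list(new_req.headers):
            if name.lower() in SENSITIVE_HEADERS:
                new_req.remove_header(name)
        return new_req


def redirected_headers(handler, location=REDIRECT_URL, code=302):
    """Return the headers `handler` would send to the redirect target."""
    original = urllib.request.Request(
        SOURCE_URL,
        headers={"Authorization": "Bearer CONSTRUCTED-SECRET", "Accept": "*/*"},
    )
    # No network I/O: redirect_request only builds the follow-up Request object.
    follow_up = handler.redirect_request(original, None, code, "Found", {}, location)
    return dict(follow_up.header_items())


def make_opener():
    """Opener a pull-mode copy client could use for the GET on the source."""
    return urllib.request.build_opener(DropAuthorizationRedirectHandler())


if __name__ == "__main__":
    print("default :", redirected_headers(urllib.request.HTTPRedirectHandler()))
    print("hardened:", redirected_headers(DropAuthorizationRedirectHandler()))
```

The subclass strips the header on every redirect, so any authorization the target needs has to travel in the redirect URL, as the quoted convention expects.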

            Unassigned
            aceccant Andrea Ceccanti