
@riccardodimaria - thank you for the debugging information: this is exactly what was needed!

Are you advising not having http.selfhttps2http and http.secretkey at all? Meaning no "fast redirection, distributed authentication, fast unencrypted data access"...

Yes, I'd advise not to use that at all - simply because we also have fast encrypted data access. Even beyond this apparent bug, there are so many ways that secrets can leak out in unexpected ways I would remain wary.

The underlying problem appears to be in XrdHttpReq::appendOpaque making assumptions that the URL fed into the method will never already contain query parameters embedded in the URL (and I count at least two code paths that already do; you hit one, the other has to do with EOS). Hence, it does not prefix the additional arguments with & and the xrdhttptk key is instead appended to the prior argument (resulting in both being invalid!).

@ffurano - the fix looks easy (simply see if there is an existing ? in the string before deciding whether to add the &): would you be able to address it?
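The separator problem described in this comment, as an added example (not XRootD code and not part of the original message): `appendNaive` models only the symptom, `appendParam` checks for an existing `?` before choosing the separator, and `parseQuery` shows what the receiving side sees. The three function names, the sample URL and the token value are constructed for illustration.

```cpp
#include <iostream>
#include <map>
#include <sstream>
#include <string>

// Model of the symptom: the new parameter is concatenated with no separator,
// on the assumption that the URL carries no query string yet.
std::string appendNaive(const std::string &url, const std::string &key,
                        const std::string &val) {
  return url + key + "=" + val;
}

// Separator-aware append: '?' starts a query, '&' continues one, and nothing
// is added when the URL already ends in '?' or '&'.
// Assumes key and val are already URL-safe (no percent-encoding is done here).
std::string appendParam(const std::string &url, const std::string &key,
                        const std::string &val) {
  std::string out = url;
  if (out.find('?') == std::string::npos) out += '?';
  else if (out.back() != '?' && out.back() != '&') out += '&';
  return out + key + "=" + val;
}

// Minimal query-string parser: splits on '&', then on the first '='.
std::map<std::string, std::string> parseQuery(const std::string &url) {
  std::map<std::string, std::string> out;
  auto q = url.find('?');
  if (q == std::string::npos) return out;
  std::istringstream ss(url.substr(q + 1));
  std::string pair;
  while (std::getline(ss, pair, '&')) {
    if (pair.empty()) continue;
    auto eq = pair.find('=');
    out[pair.substr(0, eq)] =
        (eq == std::string::npos) ? "" : pair.substr(eq + 1);
  }
  return out;
}

int main() {
  const std::string url = "/data/file?authz=abc";  // constructed sample
  for (const auto &u : {appendNaive(url, "xrdhttptk", "T0K"),
                        appendParam(url, "xrdhttptk", "T0K")}) {
    std::cout << u << "\n";
    for (const auto &kv : parseQuery(u))
      std::cout << "  " << kv.first << " = " << kv.second << "\n";
  }
  return 0;
}
```

In the naive output the receiver finds no `xrdhttptk` parameter at all, and the token text ends up inside the value of `authz`, so both parameters fail validation.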

