
[taler-merchant] branch master updated: fix #6737


From: gnunet
Subject: [taler-merchant] branch master updated: fix #6737
Date: Thu, 04 Feb 2021 18:34:03 +0100

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository merchant.

The following commit(s) were added to refs/heads/master by this push:
     new 00c02568 fix #6737
00c02568 is described below

commit 00c02568ebbd2ea126d76e1859ba02fc66941123
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Thu Feb 4 18:27:54 2021 +0100

    fix #6737
---
 src/backend/taler-merchant-httpd.c | 27 ++++++++++++++++++++-------
 1 file changed, 20 insertions(+), 7 deletions(-)

diff --git a/src/backend/taler-merchant-httpd.c b/src/backend/taler-merchant-httpd.c
index f53e0bec..6205eeda 100644
--- a/src/backend/taler-merchant-httpd.c
+++ b/src/backend/taler-merchant-httpd.c
@@ -1631,6 +1631,7 @@ url_handler (void *cls,
     const char *auth;
     struct TMH_MerchantInstance *def_instance;
     bool auth_ok;
+    bool auth_malformed = false;
 
     /* PATCHing an instance can alternatively be checked against
        the default instance */
@@ -1644,13 +1645,19 @@ url_handler (void *cls,
                              RFC_8959_PREFIX,
                              strlen (RFC_8959_PREFIX)))
       {
-        return TALER_MHD_reply_with_error (connection,
-                                           MHD_HTTP_UNAUTHORIZED,
-                                           TALER_EC_GENERIC_PARAMETER_MALFORMED,
-                                           "'" RFC_8959_PREFIX
-                                           "' prefix missing in 'Authorization' header");
+        /* We _only_ complain about malformed auth headers if
+           authorization was truly required (#6737). This helps
+           in case authorization was disabled in the backend
+           because some reverse proxy is already doing it, and
+           then that reverse proxy may forward malformed auth
+           headers to the backend. */
+        auth_malformed = true;
+        auth = NULL;
+      }
+      else
+      {
+        auth += strlen (RFC_8959_PREFIX);
       }
-      auth += strlen (RFC_8959_PREFIX);
     }
 
     /* Are the credentials provided OK for the default instance?
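Review bot: The new branch that sets `auth_malformed = true; auth = NULL;` discards a malformed header without any trace, so an operator gets no signal that the backend is relying entirely on the reverse proxy for access control. A log line in that branch that deliberately omits the header value would make such a deployment, or an accidentally disabled auth setting, visible, for example `GNUNET_log (GNUNET_ERROR_TYPE_INFO, "Ignoring 'Authorization' header lacking '" RFC_8959_PREFIX "' prefix\n");`. The credential checks that later consume `auth` are outside this hunk, so it is worth confirming that each of them treats NULL as "no credentials supplied" and never dereferences it.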
@@ -1684,12 +1691,18 @@ url_handler (void *cls,
                                   &hc->instance->settings.auth_hash));
     if (! auth_ok)
     {
+      if (auth_malformed)
+        return TALER_MHD_reply_with_error (connection,
+                                           MHD_HTTP_UNAUTHORIZED,
+                                           TALER_EC_GENERIC_PARAMETER_MALFORMED,
+                                           "'" RFC_8959_PREFIX
+                                           "' prefix missing in 'Authorization' header");
       return TALER_MHD_reply_with_error (connection,
                                          MHD_HTTP_UNAUTHORIZED,
                                          TALER_EC_MERCHANT_GENERIC_UNAUTHORIZED,
                                          "Check 'Authorization' header");
     }
-  }
+  } /* if (use_private) */
 
 
   if ( (NULL == hc->instance) &&
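Review bot: The added `if (auth_malformed)` guards a five-line `return` without braces and is followed directly by a second `return` at the same indentation, which makes it easy for a later edit to detach the wrong statement from the condition. Bracing it, `if (auth_malformed) { return TALER_MHD_reply_with_error (...); }`, keeps the two 401 paths visibly separate. A short comment such as `/* header was present but lacked the RFC 8959 prefix; only reported because auth is required */` would also tie this branch back to the flag set earlier in url_handler, whose body begins and ends outside this hunk.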

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


