Opened 5 years ago

Closed 4 years ago

#6445 defect closed duplicate (duplicate)

Digest authentication fails for URLs including comma

Reported by: sh Owned by:
Priority: normal Milestone:
Component: web Keywords:
Cc: jknight Branch:
Author:

Description

The twisted.cred digest authentication method fails for URLs including a comma, e.g.

"/query?param=value1,value2"

The client sends a GET request containing the header line:

Authorization: Digest username="..", realm="..", nonce="..", uri="..", response="..", opaque=".."

The server splits this line in twisted/cred/credentials.py:341 using split(','). This code fails for URIs containing a comma. See traceback attached.

As a workaround the comma in the URL has to be encoded using %2C.

Attachments (1)

traceback (1.0 KB) - added by sh 5 years ago.
traceback

Download all attachments as: .zip

Change History (5)

comment:1 Changed 5 years ago by DefaultCC Plugin

Cc: jknight added

Changed 5 years ago by sh

Attachment: traceback added

traceback

comment:2 Changed 5 years ago by nothung

Owner: set to nothung
Status: newassigned

comment:3 Changed 5 years ago by nothung

Owner: nothung deleted
Status: assignednew

comment:4 Changed 4 years ago by Glyph

Resolution: duplicate
Status: newclosed

#6609 is a duplicate of this.

Although that is a newer ticket, it already has a branch in review, so I'm closing this one.

Thanks for reporting it.

Note: See TracTickets for help on using tickets.