View Issue Details

IDProjectCategoryView StatusLast Update
0007499Talermechant backendpublic2023-01-26 22:53
ReporterMS Assigned ToChristian Grothoff  
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Target Version0.9.1Fixed in Version0.9.1 
Summary0007499: "secret-token:" prefix dual behavior
DescriptionThe merchant backend tolerates a missing RFC 8959 prefix when that's
passed as a configuration value (only observed via the "-a" CLI option), to
the point that it silently adds one if that's not found, but then refuses HTTP
requests that lack such a prefix.

That has two problems: (1) the policy is inconsistent, and (2) it nullifies the
main reason to have such a RFC: easier identification of tokens through published
text.
TagsNo tags attached.

Activities

Christian Grothoff

2022-11-29 10:52

manager   ~0019490

You are right, we should not auto-add the prefix and instead force the user to supply it.

Christian Grothoff

2022-11-29 21:55

manager   ~0019491

Fixed in ad99fc41..361833d6

Issue History

Date Modified Username Field Change
2022-11-29 10:18 MS New Issue
2022-11-29 10:18 MS Status new => assigned
2022-11-29 10:18 MS Assigned To => Christian Grothoff
2022-11-29 10:52 Christian Grothoff Note Added: 0019490
2022-11-29 21:55 Christian Grothoff Status assigned => resolved
2022-11-29 21:55 Christian Grothoff Resolution open => fixed
2022-11-29 21:55 Christian Grothoff Fixed in Version => 0.9.1
2022-11-29 21:55 Christian Grothoff Note Added: 0019491
2023-01-23 22:25 Christian Grothoff Target Version => 0.9.1
2023-01-26 22:53 Christian Grothoff Status resolved => closed