View Issue Details

ID: 0006737
Project: Taler
Category: merchant backend API (C)
View Status: public
Last Update: 2021-02-04 18:35
Reporter: Florian Dold
Assigned To: Christian Grothoff
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: resolved
Resolution: fixed
Product Version: git (master)
Target Version: 0.8.1
Fixed in Version: 0.8.1
Summary: 0006737: merchant should allow requests if authorization is not required, but "foreign" Authorization header is present
Description: The merchant backend currently checks the syntax of the "Authorization" header before even checking if authorization is needed. The merchant *only* accepts bearer tokens in the Authorization header.

This complicates the deployment of the merchant backend where the reverse proxy handles authentication. The reverse proxy might not remove the authentication header before giving the request to the merchant backend.
Tags: No tags attached.
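
The ordering problem described in the report, as an added C example that is not code from the Taler merchant backend. The function names, result codes and the convention that a NULL token means "no authorization required" are assumptions; the second function asks whether authorization is needed first and still rejects a non-bearer header when a token is configured.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical names and result codes; not taken from the Taler merchant source. */
enum auth_result { AUTH_OK, AUTH_MALFORMED, AUTH_DENIED };
static const char BEARER[] = "Bearer ";

static int is_bearer(const char *hdr) { return strncmp(hdr, BEARER, sizeof BEARER - 1) == 0; }

/* Compare without early exit so timing does not reveal how many bytes matched. */
static int token_equal(const char *a, const char *b)
{
  size_t la = strlen(a), lb = strlen(b);
  unsigned char diff = (unsigned char)(la != lb);
  for (size_t i = 0; i < la && i < lb; i++)
    diff |= (unsigned char)(a[i] ^ b[i]);
  return diff == 0;
}

/* Auth is required: header must be "Bearer <token>" matching the configured token. */
static enum auth_result check_bearer(const char *hdr, const char *required)
{
  if (hdr == NULL) return AUTH_DENIED;
  if (!is_bearer(hdr)) return AUTH_MALFORMED;
  return token_equal(hdr + sizeof BEARER - 1, required) ? AUTH_OK : AUTH_DENIED;
}

/* Order from the report: syntax is checked before asking whether auth is needed.
   required == NULL means no token is configured (assumption of this example). */
enum auth_result authorize_syntax_first(const char *hdr, const char *required)
{
  if (hdr != NULL && !is_bearer(hdr)) return AUTH_MALFORMED;
  return required == NULL ? AUTH_OK : check_bearer(hdr, required);
}

/* Requested order: decide whether auth is needed, only then parse the header. */
enum auth_result authorize_need_first(const char *hdr, const char *required)
{
  if (required == NULL) return AUTH_OK;   /* foreign header is ignored */
  return check_bearer(hdr, required);     /* still fails closed otherwise */
}

int main(void)
{
  const char *proxy_hdr = "Basic dXNlcjpwdw==";  /* constructed sample header */
  printf("syntax-first: %d, need-first: %d\n",
         authorize_syntax_first(proxy_hdr, NULL), authorize_need_first(proxy_hdr, NULL));
  return 0;
}
```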


Christian Grothoff

2021-02-04 18:35

manager   ~0017497

Should be fixed in e919d68..00c0256

Issue History

Date Modified | Username | Field | Change
2021-02-04 18:18 | Florian Dold | New Issue |
2021-02-04 18:18 | Florian Dold | Status | new => assigned
2021-02-04 18:18 | Florian Dold | Assigned To | => Christian Grothoff
2021-02-04 18:35 | Christian Grothoff | Status | assigned => resolved
2021-02-04 18:35 | Christian Grothoff | Resolution | open => fixed
2021-02-04 18:35 | Christian Grothoff | Fixed in Version | => 0.9
2021-02-04 18:35 | Christian Grothoff | Note Added: 0017497 |
2021-02-04 18:35 | Christian Grothoff | Fixed in Version | 0.9 => 0.8.1