View Issue Details

IDProjectCategoryView StatusLast Update
0007101Talermechant backendpublic2022-11-04 20:52
Reporterms-mantis Assigned Tosebasjm  
Status closedResolutionfixed 
Target Version0.9 
Summary0007101: DoS assert should be removed.
DescriptionThe merchant backend asserts to have the "X-Forwarded-Prefix" header *not* in place,
when it servers a "POST /private/orders".

That means that a client can crash the merchant by setting that header along a request!

Possibly, it was a temporary solution to some other problem, but it must be removed.
TagsNo tags attached.



2021-11-22 11:58

developer   ~0018523

removed at 06765a1eff683e17184a1444bcb1323a09d229fd

Issue History

Date Modified Username Field Change
2021-11-20 12:31 ms-mantis New Issue
2021-11-20 12:31 ms-mantis Status new => assigned
2021-11-20 12:31 ms-mantis Assigned To => Christian Grothoff
2021-11-20 12:43 Christian Grothoff Assigned To Christian Grothoff => sebasjm
2021-11-22 11:58 sebasjm Status assigned => resolved
2021-11-22 11:58 sebasjm Resolution open => fixed
2021-11-22 11:58 sebasjm Note Added: 0018523
2022-10-20 10:48 Christian Grothoff Target Version => 0.9
2022-11-04 20:52 Christian Grothoff Status resolved => closed