View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0007499 | Taler | merchant backend | public | 2022-11-29 10:18 | 2023-01-26 22:53 |
Reporter | MS | Assigned To | Christian Grothoff | ||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | closed | Resolution | fixed | ||
Target Version | 0.9.1 | Fixed in Version | 0.9.1 | ||
Summary | 0007499: "secret-token:" prefix dual behavior | ||||
Description | The merchant backend tolerates a missing RFC 8959 prefix when that's passed as a configuration value (only observed via the "-a" CLI option), to the point that it silently adds one if that's not found, but then refuses HTTP requests that lack such a prefix. That has two problems: (1) the policy is inconsistent, and (2) it nullifies the main reason to have such a RFC: easier identification of tokens through published text. | ||||
Tags | No tags attached. | ||||
|
You are right, we should not auto-add the prefix and instead force the user to supply it. |
|
Fixed in ad99fc41..361833d6 |
Date Modified | Username | Field | Change |
---|---|---|---|
2022-11-29 10:18 | MS | New Issue | |
2022-11-29 10:18 | MS | Status | new => assigned |
2022-11-29 10:18 | MS | Assigned To | => Christian Grothoff |
2022-11-29 10:52 | Christian Grothoff | Note Added: 0019490 | |
2022-11-29 21:55 | Christian Grothoff | Status | assigned => resolved |
2022-11-29 21:55 | Christian Grothoff | Resolution | open => fixed |
2022-11-29 21:55 | Christian Grothoff | Fixed in Version | => 0.9.1 |
2022-11-29 21:55 | Christian Grothoff | Note Added: 0019491 | |
2023-01-23 22:25 | Christian Grothoff | Target Version | => 0.9.1 |
2023-01-26 22:53 | Christian Grothoff | Status | resolved => closed |
2025-03-22 14:09 | Christian Grothoff | Category | mechant backend => merchant backend |