View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0007499 | Taler | merchant backend | public | 2022-11-29 10:18 | 2023-01-26 22:53 |
| Reporter | MS | Assigned To | Christian Grothoff | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | ||
| Target Version | 0.9.1 | Fixed in Version | 0.9.1 | ||
| Summary | 0007499: "secret-token:" prefix dual behavior | ||||
| Description | The merchant backend tolerates a missing RFC 8959 prefix when that's passed as a configuration value (only observed via the "-a" CLI option), to the point that it silently adds one if that's not found, but then refuses HTTP requests that lack such a prefix. That has two problems: (1) the policy is inconsistent, and (2) it nullifies the main reason to have such a RFC: easier identification of tokens through published text. | ||||
| Tags | No tags attached. | ||||
|
|
You are right, we should not auto-add the prefix and instead force the user to supply it. |
|
|
Fixed in ad99fc41..361833d6 |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2022-11-29 10:18 | MS | New Issue | |
| 2022-11-29 10:18 | MS | Status | new => assigned |
| 2022-11-29 10:18 | MS | Assigned To | => Christian Grothoff |
| 2022-11-29 10:52 | Christian Grothoff | Note Added: 0019490 | |
| 2022-11-29 21:55 | Christian Grothoff | Status | assigned => resolved |
| 2022-11-29 21:55 | Christian Grothoff | Resolution | open => fixed |
| 2022-11-29 21:55 | Christian Grothoff | Fixed in Version | => 0.9.1 |
| 2022-11-29 21:55 | Christian Grothoff | Note Added: 0019491 | |
| 2023-01-23 22:25 | Christian Grothoff | Target Version | => 0.9.1 |
| 2023-01-26 22:53 | Christian Grothoff | Status | resolved => closed |
| 2025-03-22 14:09 | Christian Grothoff | Category | mechant backend => merchant backend |
