Uploaded image for project: 'OpenNMS'
  1. OpenNMS
  2. NMS-7866

Incorrect host in Location header when creating resources via ReST

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved (View Workflow)
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: 17.0.0
    • Fix Version/s: 17.1.0
    • Component/s: REST
    • Security Level: Default (Default Security Scheme)
    • Labels:
      None
    • Sprint:
      Newts - Sprint 7

      Description

      In the following request/response to the ReST API:

      $ curl -v -u admin:admin -H "Content-Type: application/json" -X POST -d '{"foreign-source":"test2","node":[]}' http://127.0.0.1:8980/opennms/rest/requisitions
      *   Trying 127.0.0.1...
      * Connected to 127.0.0.1 (127.0.0.1) port 8980 (#0)
      * Server auth using Basic with user 'admin'
      > POST /opennms/rest/requisitions HTTP/1.1
      > Authorization: Basic YWRtaW46YWRtaW4=
      > User-Agent: curl/7.40.0
      > Host: 127.0.0.1:8980
      > Accept: */*
      > Content-Type: application/json
      > Content-Length: 36
      >
      * upload completely sent off: 36 out of 36 bytes
      < HTTP/1.1 303 See Other
      < Set-Cookie: JSESSIONID=f6xa2855mfd113a1zoeambgkp;Path=/opennms
      < Expires: Thu, 01 Jan 1970 00:00:00 GMT
      < Location: http://localhost:8980/opennms/rest/requisitions/test1
      < Date: Thu, 10 Sep 2015 01:12:22 GMT
      < Content-Length: 0
      < Server: Jetty(8.1.10.v20130312)
      <
      * Connection #0 to host 127.0.0.1 left intact
      

      The host in the returned Location header is set to localhost:8980, which differs from the host in the request 127.0.0.1:8980.

      As originally reported in NMS-7845 this can cause authentication errors, since existing session cookies attached to the 127.0.0.1:8980 host will no longer be used when following the redirect to localhost:8980.

        Attachments

        1. Bug.png
          Bug.png
          68 kB
        2. No-Proxy.png
          No-Proxy.png
          186 kB

          Issue Links

            Activity

              People

              • Assignee:
                j-white Jesse White
                Reporter:
                j-white Jesse White
              • Votes:
                1 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: