diff options
author | Petr Vobornik <pvoborni@redhat.com> | 2012-02-29 15:25:40 +0100 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2012-02-28 23:25:38 -0500 |
commit | 610420bd2ab976ea9e35e6d010e3f1c9f572c646 (patch) | |
tree | 8693612c15fb733ae574ae323d6c936ea3c9aabe | |
parent | 3cd0217b309a27f7718ee2720662211e06e13e68 (diff) | |
download | freeipa-610420bd2ab976ea9e35e6d010e3f1c9f572c646.tar.gz freeipa-610420bd2ab976ea9e35e6d010e3f1c9f572c646.tar.xz freeipa-610420bd2ab976ea9e35e6d010e3f1c9f572c646.zip |
Fixed content type check in login_password
login_password is expecting that request content_type will be 'application/x-www-form-urlencoded'.
Current check is an equality check of content_type http header.
RFC 3875 defines that content type can contain parameters separated by ';'. For example: when firefox is doing ajax call it sets the request header to 'application/x-www-form-urlencoded; charset=UTF-8' which leads to negative result.
This patch makes the check more benevolent to allow such values.
Patch is a fixup for:
https://fedorahosted.org/freeipa/ticket/2095
-rw-r--r-- | ipaserver/rpcserver.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ipaserver/rpcserver.py b/ipaserver/rpcserver.py index c383f0482..3ada8b48f 100644 --- a/ipaserver/rpcserver.py +++ b/ipaserver/rpcserver.py @@ -894,7 +894,7 @@ class login_password(Backend, KerberosSession, HTTP_Status): # Get the user and password parameters from the request content_type = environ.get('CONTENT_TYPE', '').lower() - if content_type != 'application/x-www-form-urlencoded': + if not content_type.startswith('application/x-www-form-urlencoded'): return self.bad_request(environ, start_response, "Content-Type must be application/x-www-form-urlencoded") method = environ.get('REQUEST_METHOD', '').upper() |