Summary:ASTERISK-07257: [patch] AMI over HTTP fails with Internet Explorer
Reporter:Jeffrey Kohler (jeff)Labels:
Date Opened:2006-06-29 13:18:19Date Closed:2006-08-16 23:26:44
Versions:Frequency of
Environment:Attachments:( 0) jeff-diff3.txt
( 1) jeff-diff4.txt
Description:The cookie parsing code in http.c does not work with the cookie strings that Internet Explorer sends.  Because of this, you can’t log in using IE.

I’ve put together some revised parsing code (attached) that appears to work for both IE 6 and FireFox 1.5.

Of course the ideal solution would be to have parsing code compliant to RFC 2109 and 2965, but that seems like a fairly substantial undertaking.
Comments:By: Serge Vecher (serge-v) 2006-06-29 14:46:06

jeff: thanks for the patch. Can you please fix it up according to CODING GUIDELINES?

By: Jeffrey Kohler (jeff) 2006-06-29 15:22:34

OK, I've made the following changes:
- no tab characters
- changed spacing
- limited line length to 90 characters
- changed curly brace positioning

By: Serge Vecher (serge-v) 2006-06-29 15:32:14

actually, the tabs are the right choice for indentation (as per CODING GUIDELINES ;). Other changes look good. Also, I would terminate the comments at the end of the paragraph, not at the end of each line. Thanks.

By: Jeffrey Kohler (jeff) 2006-06-29 15:48:15

Changed back to tab characters and changed comment formating.

As an aside, all I could find in the coding standards document relating to tab characters was this:
- Use spaces instead of tabs when aligning in-line comments or #defines (this makes your comments aligned even if the code is viewed with another tabsize)

Perhaps something should be added to clarify that tabs are the preferred character for indention?

By: Tilghman Lesher (tilghman) 2006-06-30 00:44:24

This code will segfault if the cookie value begins with a $ but does not contain a ';'.

By: Jeffrey Kohler (jeff) 2006-06-30 07:23:13

Yes the previous code would indeed crash if the cookie string started with a '$' and had no ';'.

As I stated, the cookie parsing code appears to work for IE 6 and FF 1.5 cookie strings, but is definitely not robust or fully compliant with the related RFCs.

Therefore, there are still cookie strings that Asterisk will be unable to parse.  However, at least now Asterisk should not crash when it encounters an unexpected string.

By: Serge Vecher (serge-v) 2006-06-30 09:52:38

thanks for following-through, jeff.

By: Russell Bryant (russell) 2006-08-13 23:01:52

I tried testing this patch using the included ajamdemo.html.  However, I can't seem to get it to work due to javascript errors.  Have you tried the ajamdemo under Internet Explorer, or were you writing something of your own?

By: Jeffrey Kohler (jeff) 2006-08-14 07:47:41

I also get javascript errors when trying to use the AJAM demo in IE.  That's a different issue than what I was trying to address.

What I have been using is the REST-like interface:

These calls work with the patch, but they do not work without it.  Before the patch, the first call would appear to be successful, but the next call would fail.  This is because Asterisk was providing cookie strings IE couldn't interpret correctly; therefore, IE wasn't sending back its authentication token with the second request.

By: Russell Bryant (russell) 2006-08-14 23:17:22

Ok, great.  I just needed to know how you were testing the issue you were addressing.  I will lab this up again later this week.  Thanks

By: Russell Bryant (russell) 2006-08-16 23:26:44

fixed in the trunk in revision 40131, thanks!!