|Summary:||ASTERISK-07257: [patch] AMI over HTTP fails with Internet Explorer|
|Reporter:||Jeffrey Kohler (jeff)||Labels:|
|Date Opened:||2006-06-29 13:18:19||Date Closed:||2006-08-16 23:26:44|
|Environment:||Attachments:||( 0) jeff-diff3.txt|
( 1) jeff-diff4.txt
|Description:||The cookie parsing code in http.c does not work with the cookie strings that Internet Explorer sends. Because of this, you can’t log in using IE.|
I’ve put together some revised parsing code (attached) that appears to work for both IE 6 and FireFox 1.5.
Of course the ideal solution would be to have parsing code compliant to RFC 2109 and 2965, but that seems like a fairly substantial undertaking.
|Comments:||By: Serge Vecher (serge-v) 2006-06-29 14:46:06|
jeff: thanks for the patch. Can you please fix it up according to CODING GUIDELINES?
By: Jeffrey Kohler (jeff) 2006-06-29 15:22:34
OK, I've made the following changes:
- no tab characters
- changed spacing
- limited line length to 90 characters
- changed curly brace positioning
By: Serge Vecher (serge-v) 2006-06-29 15:32:14
actually, the tabs are the right choice for indentation (as per CODING GUIDELINES ;). Other changes look good. Also, I would terminate the comments at the end of the paragraph, not at the end of each line. Thanks.
By: Jeffrey Kohler (jeff) 2006-06-29 15:48:15
Changed back to tab characters and changed comment formating.
As an aside, all I could find in the coding standards document relating to tab characters was this:
- Use spaces instead of tabs when aligning in-line comments or #defines (this makes your comments aligned even if the code is viewed with another tabsize)
Perhaps something should be added to clarify that tabs are the preferred character for indention?
By: Tilghman Lesher (tilghman) 2006-06-30 00:44:24
This code will segfault if the cookie value begins with a $ but does not contain a ';'.
By: Jeffrey Kohler (jeff) 2006-06-30 07:23:13
Yes the previous code would indeed crash if the cookie string started with a '$' and had no ';'.
As I stated, the cookie parsing code appears to work for IE 6 and FF 1.5 cookie strings, but is definitely not robust or fully compliant with the related RFCs.
Therefore, there are still cookie strings that Asterisk will be unable to parse. However, at least now Asterisk should not crash when it encounters an unexpected string.
By: Serge Vecher (serge-v) 2006-06-30 09:52:38
thanks for following-through, jeff.
By: Russell Bryant (russell) 2006-08-13 23:01:52
By: Jeffrey Kohler (jeff) 2006-08-14 07:47:41
What I have been using is the REST-like interface:
These calls work with the patch, but they do not work without it. Before the patch, the first call would appear to be successful, but the next call would fail. This is because Asterisk was providing cookie strings IE couldn't interpret correctly; therefore, IE wasn't sending back its authentication token with the second request.
By: Russell Bryant (russell) 2006-08-14 23:17:22
Ok, great. I just needed to know how you were testing the issue you were addressing. I will lab this up again later this week. Thanks
By: Russell Bryant (russell) 2006-08-16 23:26:44
fixed in the trunk in revision 40131, thanks!!