[
https://issues.apache.org/jira/browse/COUCHDB-2673?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14512759#comment-14512759
]
ASF GitHub Bot commented on COUCHDB-2673:
-----------------------------------------
GitHub user samueltardieu opened a pull request:
https://github.com/apache/couchdb/pull/314
Properly escape Location: HTTP header
Non-ASCII characters in the "Location:" header must be URL-encoded. This
can happen if a document is inserted with a user-defined "_id"
containing non-ASCII characters or if a filename contains non-ASCII
characters.
Fixes COUCHDB-2673
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/samueltardieu/couchdb
urlencode-location-header
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/couchdb/pull/314.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #314
----
commit a3fee552ddc6014767f1ed393f0960ca1ada3fe5
Author: Samuel Tardieu <s...@rfc1149.net>
Date: 2015-04-25T22:10:04Z
Properly escape Location: HTTP header
Non-ASCII characters in the "Location:" header must be URL-encoded. This
can happen if a document is inserted with a user-defined "_id"
containing non-ASCII characters or if a filename contains non-ASCII
characters.
Fixes COUCHDB-2673
----
> "Location" header in HTTP response should properly encode the document _id
> --------------------------------------------------------------------------
>
> Key: COUCHDB-2673
> URL: https://issues.apache.org/jira/browse/COUCHDB-2673
> Project: CouchDB
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: HTTP Interface
> Affects Versions: 1.6.1
> Reporter: Samuel Tardieu
>
> When inserting a document in a CouchDB 1.6.1 database, the response sent by
> CouchDB contains a "Location" HTTP header with the URI of the newly created
> document.
> However, if the "_id" of the new document contains non-ASCII characters, this
> "Location" header is not properly encoded.
> Example:
> {code}
> % curl -v -H "Content-Type: application/json" -X POST
> http://localhost:5984/test/ --data '{"_id": "xxxé"}'
> * Trying ::1...
> * Connected to localhost (::1) port 5984 (#0)
> > POST /test/ HTTP/1.1
> > Host: localhost:5984
> > User-Agent: curl/7.42.0
> > Accept: */*
> > Content-Type: application/json
> > Content-Length: 16
> >
> * upload completely sent off: 16 out of 16 bytes
> < HTTP/1.1 201 Created
> < Server: CouchDB/1.6.1 (Erlang OTP/17)
> < Location: http://localhost:5984/test/xxxé
> < ETag: "1-967a00dff5e02add41819138abb3284d"
> < Date: Sat, 25 Apr 2015 21:33:04 GMT
> < Content-Type: text/plain; charset=utf-8
> < Content-Length: 68
> < Cache-Control: must-revalidate
> <
> {"ok":true,"id":"xxxé","rev":"1-967a00dff5e02add41819138abb3284d"}
> {code}
> According to RFC 2616 ("HTTP headers only contain ASCII") and RFC 2396 ("here
> is how to construct an URI from ASCII characters"), the "Location" header
> should be formatted as:
> {code}
> Location: http://localhost:5984/test/xxx%C3%A9
> {code}
> The "spray.io" framework warns against this invalid response when doing such
> a request towards a CouchDB database.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
