[ https://issues.apache.org/jira/browse/COUCHDB-2673?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14512759#comment-14512759 ]
ASF GitHub Bot commented on COUCHDB-2673: ----------------------------------------- GitHub user samueltardieu opened a pull request: https://github.com/apache/couchdb/pull/314 Properly escape Location: HTTP header Non-ASCII characters in the "Location:" header must be URL-encoded. This can happen if a document is inserted with a user-defined "_id" containing non-ASCII characters or if a filename contains non-ASCII characters. Fixes COUCHDB-2673 You can merge this pull request into a Git repository by running: $ git pull https://github.com/samueltardieu/couchdb urlencode-location-header Alternatively you can review and apply these changes as the patch at: https://github.com/apache/couchdb/pull/314.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #314 ---- commit a3fee552ddc6014767f1ed393f0960ca1ada3fe5 Author: Samuel Tardieu <s...@rfc1149.net> Date: 2015-04-25T22:10:04Z Properly escape Location: HTTP header Non-ASCII characters in the "Location:" header must be URL-encoded. This can happen if a document is inserted with a user-defined "_id" containing non-ASCII characters or if a filename contains non-ASCII characters. Fixes COUCHDB-2673 ---- > "Location" header in HTTP response should properly encode the document _id > -------------------------------------------------------------------------- > > Key: COUCHDB-2673 > URL: https://issues.apache.org/jira/browse/COUCHDB-2673 > Project: CouchDB > Issue Type: Bug > Security Level: public(Regular issues) > Components: HTTP Interface > Affects Versions: 1.6.1 > Reporter: Samuel Tardieu > > When inserting a document in a CouchDB 1.6.1 database, the response sent by > CouchDB contains a "Location" HTTP header with the URI of the newly created > document. > However, if the "_id" of the new document contains non-ASCII characters, this > "Location" header is not properly encoded. > Example: > {code} > % curl -v -H "Content-Type: application/json" -X POST > http://localhost:5984/test/ --data '{"_id": "xxxé"}' > * Trying ::1... > * Connected to localhost (::1) port 5984 (#0) > > POST /test/ HTTP/1.1 > > Host: localhost:5984 > > User-Agent: curl/7.42.0 > > Accept: */* > > Content-Type: application/json > > Content-Length: 16 > > > * upload completely sent off: 16 out of 16 bytes > < HTTP/1.1 201 Created > < Server: CouchDB/1.6.1 (Erlang OTP/17) > < Location: http://localhost:5984/test/xxxé > < ETag: "1-967a00dff5e02add41819138abb3284d" > < Date: Sat, 25 Apr 2015 21:33:04 GMT > < Content-Type: text/plain; charset=utf-8 > < Content-Length: 68 > < Cache-Control: must-revalidate > < > {"ok":true,"id":"xxxé","rev":"1-967a00dff5e02add41819138abb3284d"} > {code} > According to RFC 2616 ("HTTP headers only contain ASCII") and RFC 2396 ("here > is how to construct an URI from ASCII characters"), the "Location" header > should be formatted as: > {code} > Location: http://localhost:5984/test/xxx%C3%A9 > {code} > The "spray.io" framework warns against this invalid response when doing such > a request towards a CouchDB database. -- This message was sent by Atlassian JIRA (v6.3.4#6332)