[pve-devel] API: Problem with special characters in cookie ticket
Floris Bos / Maxnet
bos at je-eigen-domein.nl
Mon Dec 26 15:13:21 CET 2011
Hi,
We noticed a problem when using the Zend_HTTP_Client class that comes
with the Zend PHP framework to access the Proxmox 2 API.
It seems Zend automatically urlencodes any cookie you set with
->setCookie(), and Proxmox does not accept that
==
GET /api2/json/nodes HTTP/1.1
Host: 1.2.3.4:8006
User-Agent: Zend_Http_Client
Cookie:
PVEAuthCookie=PVE%3Aroot%40pam%3A4EF87A2F%3A%3ASSccO4dTWRlF8MtMGdPhUGjO16PoQ1XrN6Ywp0Q5j7t%2BXrKmLGXns0OcV98r%2FcAkF%2BdXMblr%2FktZVmE3Y1LNAtvSs2VCV%2BOxA6HZ7JTmohvVLaGiBNYeGRvukUMzEHSG7LALD4L3IdCyWLVN%2B11BhWRCG44wIW%2B6kgOjcAD4tNTrGlb9ykpcVYu0Qn%2FwnstmIKEPkxMCcTXsMpnJnM9UIGFOzfUCRfXq5SrQ1xWAUG2ESnYXatwh7cnLuAwgpfhVvEMeM5Hd6ZW%2Frjw%2F8Kv4g0Z1QKbw1yiw1trsMKoisYHbltKqt6OBFx%2Fv%2FkGDYpXBpAAS6Q2zaSevB9JqqgtkfA%3D%3D;
HTTP/1.1 401 permission denied - invalid ticket
==
Not sure if it is only Zend that does that, or if there might be other
HTTP clients that do the same.
But perhaps Proxmox could either avoid special characters in the ticket,
or test if the value starts with "PVE%3A" and urldecode the cookie if
that is the case, to avoid any interoperability issues?
--
Yours sincerely,
Floris Bos
More information about the pve-devel
mailing list