[pve-devel] API: Problem with special characters in cookie ticket

Floris Bos / Maxnet bos at je-eigen-domein.nl
Mon Dec 26 15:13:21 CET 2011


Hi,

We noticed a problem when using the Zend_HTTP_Client class that comes 
with the Zend PHP framework to access the Proxmox 2 API.
It seems Zend automatically urlencodes any cookie you set with 
->setCookie(), and Proxmox does not accept that

==
GET /api2/json/nodes HTTP/1.1
Host: 1.2.3.4:8006
User-Agent: Zend_Http_Client
Cookie: 
PVEAuthCookie=PVE%3Aroot%40pam%3A4EF87A2F%3A%3ASSccO4dTWRlF8MtMGdPhUGjO16PoQ1XrN6Ywp0Q5j7t%2BXrKmLGXns0OcV98r%2FcAkF%2BdXMblr%2FktZVmE3Y1LNAtvSs2VCV%2BOxA6HZ7JTmohvVLaGiBNYeGRvukUMzEHSG7LALD4L3IdCyWLVN%2B11BhWRCG44wIW%2B6kgOjcAD4tNTrGlb9ykpcVYu0Qn%2FwnstmIKEPkxMCcTXsMpnJnM9UIGFOzfUCRfXq5SrQ1xWAUG2ESnYXatwh7cnLuAwgpfhVvEMeM5Hd6ZW%2Frjw%2F8Kv4g0Z1QKbw1yiw1trsMKoisYHbltKqt6OBFx%2Fv%2FkGDYpXBpAAS6Q2zaSevB9JqqgtkfA%3D%3D;

HTTP/1.1 401 permission denied - invalid ticket
==


Not sure if it is only Zend that does that, or if there might be other 
HTTP clients that do the same.
But perhaps Proxmox could either avoid special characters in the ticket, 
or test if the value starts with "PVE%3A" and urldecode the cookie if 
that is the case, to avoid any interoperability issues?

-- 
Yours sincerely,

Floris Bos



More information about the pve-devel mailing list