Handle error when Origin header value is not IRI#1738
Merged
Uh oh!
There was an error while loading. Please reload this page.
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters
csarvenforce-pushed the fix/acl-checker/origin-non-iri-error-handling branch from f85a4bc to 401d5f2Compare
ewingson approved these changes Oct 1, 2023
Contributor
ewingson left a comment
ewingson left a comment There was a problem hiding this comment.
happy to review.
Sarven has tested it as in https://app.element.io/#/room/!YCVoUIVohPTofEksKL:matrix.org/$hkj5YAplQrKLQaAxt6ZKCR4vbvUU94Y4lpwH0hm4ugg
LGTM
bourgeoa changed the base branch from main to csarvenfix/acl-checker/origin-non-iri-error-handling
bourgeoa merged commit 72a3a69 into nodeSolidServer:csarvenfix/acl-checker/origin-non-iri-error-handlingSign up for freeto join this conversation on GitHub. Already have an account? Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Server breaks when
Originheader value is not an IRI. See:node-solid-server/lib/acl-checker.js
Line 31 in 958a6ef
calling
rdf.symwhere an Error is thrown but it is not caught.Following examples typically return 200:
$ curl -i https://example.org/ $ curl -iH 'Origin: https://example.net' https://example.org/Following examples breaks the script (
bin/solid.js). 500 returned.There may be a better way to fix this issue than what's in this PR but I'll leave it in the hands of folks that can do better.