http security issue #1844

Closed
mandric opened this issue Jan 25, 2016 · 1 comment
Labels
Type: Bug (Fix something that isn't working as intended)
Won't fix: Ancient (Too old to investigate)

Comments

Contributor

mandric commented Jan 25, 2016

No description provided.

Contributor Author

mandric commented Feb 9, 2016

Dev branches have been patched and issue opened upstream apache/nano#311.

garethbowen pushed a commit that referenced this issue Oct 24, 2017
Added a `db.sanitizeResponse` that can be called from any controller.  The only
problematic function right now is `forms.getForm` because it returned headers
coming from nano.  Sanitized those headers by removing `uri` and `statusCode`
and wrote tests around it.  This could potentially leak auth information to the
client.  See https://github.com/dscape/nano/blob/master/lib/nano.js#L195

TODO: open issue in nano project and patch
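
The header clean-up the commit message describes, as an added example that is not medic's `db.sanitizeResponse` or nano's code: it drops `uri` and `statusCode` and, going one step beyond the commit, any other value that parses as a URL with embedded credentials. The function names and the sample headers object are constructed for illustration.

```javascript
// Added example: hypothetical names, not medic's db.sanitizeResponse or nano's code.
// Fields the commit message removes from nano's headers before they reach the client.
const INTERNAL_FIELDS = new Set(['uri', 'statusCode']);

// True if a value parses as a URL that embeds a username or password.
function hasUserinfo(value) {
  if (typeof value !== 'string') return false;
  try {
    const u = new URL(value);
    return u.username !== '' || u.password !== '';
  } catch (e) {
    return false; // not an absolute URL
  }
}

// Return a copy of the headers that is safe to forward; the input is not mutated.
function sanitizeHeaders(headers) {
  const clean = {};
  for (const [name, value] of Object.entries(headers || {})) {
    if (INTERNAL_FIELDS.has(name)) continue;
    if (hasUserinfo(value)) continue; // defence in depth beyond the two named fields
    clean[name] = value;
  }
  return clean;
}

// Regression check for controller tests: fields that must not be forwarded as-is.
function unsafeFields(headers) {
  return Object.entries(headers || {})
    .filter(([name, value]) => INTERNAL_FIELDS.has(name) || hasUserinfo(value))
    .map(([name]) => name);
}

// Constructed sample headers object; credentials and hosts are placeholders.
const SAMPLE = {
  'content-type': 'application/xml',
  etag: '"1-abc"',
  statusCode: 200,
  uri: 'http://admin:secret@localhost:5984/exampledb/form%3Aexample',
  location: 'http://user:pw@db.internal:5984/exampledb/doc1',
};

console.log(unsafeFields(SAMPLE), sanitizeHeaders(SAMPLE));
```

Asserting `unsafeFields(headers).length === 0` on every response a controller builds from database headers catches a reintroduced leak in tests.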