http driver ignores query part of URI in redirects.
Bug #1633860 reported by
Willy De la Court
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
glance_store |
Fix Released
|
Medium
|
Pavlo Shchelokovskyy |
Bug Description
I tried to get this image.
https:/
which redirects to
but the http driver ignores the query part and this generates a "403 Access Denied" from amazonaws.
To post a comment you must log in.
So, it's not clear why, but the Location class for the HTTP store driver specifically deconstructs the URI and then reconstructs it without a using all the parts of the parsed URI. This may be an attempt at security hardening, but it may also just be an omission. That much is not clear to me in the slightest. (Honestly, I can't imagine what the security impact of including query parameters after a redirect would be, but I'm not the most imaginative person.)