Description
Summary
When accessing HipChat Server in a web browser with a cookie containing certain special characters, an invalid request error occurs.
Steps to Reproduce
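This can be reproduced with 'curl' requests to the HipChat Server. The first request, whose cookie name contains the percent-encoded character %40, returns 'Invalid Request'; the second, identical except for the plain cookie name, returns the expected redirect to the sign-in page:

curl 'https://example.hipchatserver.com/home' -H 'Cookie: C%40=023' --compressed
Invalid Request

curl 'https://example.hipchatserver.com/home' -H 'Cookie: C=023' --compressed
<h1>302 - Found</h1><p><a href="https://examle.hipchatserver.com/sign_in?d=%2Fhome">https://example.hipchatserver.com/sign_in?d=%2Fhome</a></p>
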
This can be reproduced against https://example.hipchatserver.com/, as well.
Expected Results
The request succeeds and users can access HipChat Server in a web browser.
Actual Results
An 'Invalid Request' error is returned in the web browser.
Workaround
- back up the HipChat Server as a precaution
- log into the HipChat Server terminal/command-line interface
- run the following commands to download the patch, make it executable, and run it:

wget https://s3.amazonaws.com/hipchat-server-stable/utils/clean-cookie-patch.sh
chmod +x clean-cookie-patch.sh
sudo dont-blame-hipchat -e "./clean-cookie-patch.sh"