Loading...

This issue belongs to an archived project. You can view it, but you can't modify it. Learn more

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Low
Fix Version/s: None
Affects Version/s: HCS 1.3.5, HCS 1.3.4, HCS 1.3.7
Component/s: Login, Website
Labels:
- BTF
- not-hcpd

Symptom Severity:
Severity 3 - Minor

Description

Summary

When accessing HipChat Server in a web browser with a cookie containing certain special characters, an invalid request error occurs.

Steps to Reproduce

This can be reproduced with a 'curl' to the HipChat Server:

curl 'https://example.hipchatserver.com/home' -H 'Cookie: C%40=023' --compressed
Invalid Request

curl 'https://example.hipchatserver.com/home' -H 'Cookie: C=023' --compressed
<h1>302 - Found</h1><p><a href="https://examle.hipchatserver.com/sign_in?d=%2Fhome">https://example.hipchatserver.com/sign_in?d=%2Fhome</a></p>

This can be reproduced against https://example.hipchatserver.com/, as well.

Expected Results

Request will succeed and users are able to successfully access HipChat Server in a web browser.

Actual Results

An 'Invalid Request' error is returned in the web browser.

Workaround

back up the HipChat Server as a precaution
log into the HipChat Server terminal/command-line interface

run the following commands to download the patch, make it executable, and run it:

wget https://s3.amazonaws.com/hipchat-server-stable/utils/clean-cookie-patch.sh
chmod +x clean-cookie-patch.sh
sudo dont-blame-hipchat -e "./clean-cookie-patch.sh"

Attachments

Issue Links

mentioned in: Page Loading...; Page Loading...

Activity

People

Assignee:: Derek Bredensteiner (Inactive)

Reporter:: Shanye

Archiver:: Michael Andreacchio

Dates

Created:: 30/Dec/2015 11:09 PM

Updated:: 11/Nov/2016 7:36 PM

Resolved:: 22/Apr/2016 5:42 PM

Archived:: 16/Jun/2020 5:19 AM