-
Notifications
You must be signed in to change notification settings - Fork 1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
csp header parameters require semicolon separated list but seen as comment in .ini file #4651
Labels
Comments
Just tested 3.2.3 and it is loading the values correctly |
Thank you for your report @mohmesflir. That does look like a bug. We'll try to investigate and have fix in the next release. |
nickva
added a commit
that referenced
this issue
Jun 22, 2023
Config values may contain `;` in them as long as `;` is not preceeded by a space or a tab character. Fixes: #4651
nickva
added a commit
that referenced
this issue
Jun 22, 2023
Config values may contain `;` in them as long as `;` is not preceded by a space or a tab character. Fixes: #4651
nickva
added a commit
that referenced
this issue
Jun 22, 2023
Config values may contain `;` in them as long as `;` is not preceded by a space or a tab character. Fixes: #4651
@mohmesflir this PR should fix the issue #4653 |
nickva
added a commit
that referenced
this issue
Jun 22, 2023
Config values may contain `;` in them as long as `;` is not preceded by a space or a tab character. Fixes: #4651
nickva
added a commit
that referenced
this issue
Nov 22, 2023
Config values may contain `;` in them as long as `;` is not preceded by a space or a tab character. Fixes: #4651
nickva
added a commit
that referenced
this issue
Nov 22, 2023
Config values may contain `;` in them as long as `;` is not preceded by a space or a tab character. Fixes: #4651
nickva
added a commit
that referenced
this issue
Nov 23, 2023
Config values may contain `;` in them as long as `;` is not preceded by a space or a tab character. Fixes: #4651
nickva
added a commit
that referenced
this issue
Nov 23, 2023
Config values may contain `;` in them as long as `;` is not preceded by a space or a tab character. Fixes: #4651
nickva
added a commit
that referenced
this issue
Nov 23, 2023
Config values may contain `;` in them as long as `;` is not preceded by a space or a tab character. Fixes: #4651
nickva
added a commit
that referenced
this issue
Nov 24, 2023
Config values may contain `;` in them as long as `;` is not preceded by a space or a tab character. Fixes: #4651
nickva
added a commit
that referenced
this issue
Nov 27, 2023
Config values may contain `;` in them as long as `;` is not preceded by a space or a tab character. Fixes: #4651
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Description
The [csp] header parameters (attachments_header_value, showlist_header_value, utils_header_value, and [depreciated] header_value) require a semicolon separated list but the interpreter sees the semicolon as the start of a comment and so only the first list item is loaded from the .ini file.
Steps to Reproduce
From default.ini, an example CSP section may look like:
and this can be saved in the local.d ini file using the config tool. However, when the service is restarted, only the first item in each list is loaded because the first semicolon is seen as the start of a comment.
Manually changing the settings in localhost:5984/_utils/#_config/couchdb@localhost to:
After restarting the service this is what you get:
Everything after the first semicolon is missing.
Expected Behaviour
Unfortunately CSP requires the semicolon separation and will not accept a comma. If these semicolons are changed to commas then the list reloads but fails to actually work when trying to load webpages served by the CouchDB server. So either:
Your Environment
The text was updated successfully, but these errors were encountered: