[asterisk-dev] built in Http auth not working with 'non-browser' requests...

Tilghman Lesher tilghman at mail.jeffandtilghman.com
Tue Jun 3 09:53:57 CDT 2008


On Tuesday 03 June 2008 08:14:26 Tim Panton wrote:
> I'm writing some code that lets Oracle talk to the manager api
>
> (Initially just to get status and originate calls - but I may extend
> it to do meetme etc at some point)
>
> I'm using the http->xml-> manager route.
> I couldn't understand why I couldn't get http requests sent from
> authenticated by asterisk.
>
> It turns out that the built-in http client in PLSQL sends cookie
> headers that look like this:
>                                       Cookie: mansession_id=********
> but asterisk expects
>                                       Cookie: mansession_id="********"
> It's simple to fix, but took me too long to find.
>
> What I don't know is if this is a bug in Oracle or Asterisk :-)

Probably a bug in Asterisk.  As stated in RFC 2109, the original specification
left off quotes, so for compatibility with historical implementations, the
quotes are optional.  We may want to start implementing RFC 2965, which uses
the alternate Set-Cookie2 syntax, as a better differentiator.  The alternate
syntax requires the use of quotes, although it specifies that a client should
fall back to the earlier Set-Cookie syntax if the client does not understand
the Set-Cookie2 header.

-- 
Tilghman
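
The tolerant parsing discussed in this thread, as an added example that is not part of the original post and is not Asterisk's own code: a C helper that accepts the session cookie with or without quotes. The function name `cookie_value` and the sample session ID are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical helper, not Asterisk's code: copy the value of cookie `name`
 * from a Cookie header value into out, accepting both id=value and
 * id="value". Returns 0 on success, -1 if missing, malformed or too long. */
int cookie_value(const char *hdr, const char *name, char *out, size_t outlen)
{
    size_t nlen = strlen(name);
    const char *p = hdr;

    while (*p) {
        while (*p == ';' || isspace((unsigned char)*p))
            p++;                               /* skip separators */
        const char *end = p;
        int inq = 0;
        while (*end && (inq || *end != ';')) { /* ';' inside quotes is data */
            if (*end == '"')
                inq = !inq;
            end++;
        }
        /* Exact name followed by '=' so "xmansession_id" does not match. */
        if (!strncmp(p, name, nlen) && p[nlen] == '=') {
            const char *v = p + nlen + 1, *ve = end;
            while (ve > v && isspace((unsigned char)ve[-1]))
                ve--;                          /* trim trailing blanks */
            if (ve > v && *v == '"') {         /* quoted form */
                if (ve - v < 2 || ve[-1] != '"')
                    return -1;                 /* quote never closed */
                v++;
                ve--;
            }
            size_t n = (size_t)(ve - v);
            if (n == 0 || n >= outlen || memchr(v, '"', n))
                return -1;                     /* empty, too long, stray quote */
            memcpy(out, v, n);
            out[n] = '\0';
            return 0;
        }
        p = end;
    }
    return -1;
}

int main(void)
{
    char id[32];  /* constructed sample value, not a real session id */
    return cookie_value("mansession_id=\"1a2b3c4d\"", "mansession_id", id, sizeof id);
}
```

Rejecting an unterminated quote or an oversized value outright, rather than truncating it, keeps a malformed header from being accepted as a different session ID.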


