coreos / updateservicectl

CoreUpdate Command Line Interface
https://coreos.com/products/coreupdate/
Apache License 2.0
48 stars 41 forks source link

hawk-go: Update to master plus tent/hawk-go#7 #113

Closed silas closed 8 years ago

silas commented 8 years ago

This normalizes how URL.RequestURI is used within the Hawk normalized request string.

crawford commented 8 years ago

Why?

silas commented 8 years ago

The motivation is so it works with coreupdate behind an nginx proxy.

The technical reason is because this project sets the Opaque property of the client request URL and hawk-go uses URL.RequestURI() to create the Hawk normalized request string. When URL.Opaque is not set this returns Path+?+RawQuery (which is correct according to the hawk reference implementation), otherwise it returns something else.

When nginx proxies requests to coreupdate it sets the absolute path in the request line instead of the absolute URL and invalidates the Hawk MAC.

crawford commented 8 years ago

Gotcha. Thanks.

crawford commented 8 years ago

LGTM