search

google-code-export / rubycas-client

Automatically exported from code.google.com/p/rubycas-client
1 stars 1 forks source link

security error #14

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. i was using svn:external to have latest rubycas-client
2. it appears it was upgraded, so i adapt my setup for the new version
3. unfortunatly using rails 2.0 and the new session system, removing the
old cas to upgrade to the new one make the application to creash with an
internal error :
  "Session contains objects whose class definition isn't available.
Remember to require the classes for all objects kept in the session.
(Original exception: uninitialized constant CAS [NameError])"
it would be nice to warn about this when upgrading
4. using firefox/firebug/noscript i finally get a security error:
"uncaught exception: Security Error: Content at http://host/?ticket=ticket
may not load data from http://cas/server...."
5. i'm going to downgrade now :-)

Original issue reported on code.google.com by leaul...@gmail.com on 18 Feb 2008 at 9:38

GoogleCodeExporter commented 9 years ago 
I pushed the 2.0 release to trunk but forgot to add the check for old 
config/session
data. I've added a check for this now, so when the upgrade occurs you should 
get a
warning about changing your config and wiping your session store.

Thanks for reporting this!

Original comment by matt.zuk...@gmail.com on 19 Feb 2008 at 7:35