Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Verify v2 client requesting directory hosted with intermediate path elements sets subdirectory ID correctly #416

Open
nothingmuch opened this issue Nov 28, 2024 · 2 comments · Fixed by #448
Open

Verify v2 client requesting directory hosted with intermediate path elements sets subdirectory ID correctly #416

nothingmuch opened this issue Nov 28, 2024 · 2 comments · Fixed by #448
Assignees
@nothingmuch
Milestone
payjoin-1.0

Comments

@nothingmuch
Copy link
Collaborator

If the directory is deployed behind e.g. a reverse proxy and requests are rewritten exposing the public URI with a path, the current behavior of the pj_url derivation is to replace the path in its entirety.

In some places in the code .join is used, appending the subdirectory ID but the sender uses set_path as well.
@nothingmuch nothingmuch self-assigned this Nov 28, 2024
@nothingmuch nothingmuch mentioned this issue Nov 28, 2024
Merged
@nothingmuch nothingmuch mentioned this issue Dec 28, 2024
Draft
DanGould added a commit to DanGould/rust-payjoin that referenced this issue Dec 29, 2024
@DanGould
Join subdir to base pj URL to preserve path
0a35d3c 
Fix payjoin#416

Without this change a base URL subpath e.g. https://payjo.in/dir-path/
would be overwritten when V2Context.extract_req was called and
incorrectly produce a request to https://payjo.in/subdir instead of
https://payjo.in/dir-path/subdir.
DanGould added a commit to DanGould/rust-payjoin that referenced this issue Dec 29, 2024
@DanGould
Join subdir to base pj URL to preserve path
12c280b 
Fix payjoin#416

Without this change a base URL subpath e.g. https://payjo.in/dir-path/
would be overwritten when V2GetContext.extract_req was called and
incorrectly produce a request to https://payjo.in/subdir instead of
https://payjo.in/dir-path/subdir.
DanGould added a commit to DanGould/rust-payjoin that referenced this issue Dec 29, 2024
@DanGould
Join subdir to base pj URL to preserve path
b5ba0df 
Fix payjoin#416

Without this change a base URL subpath e.g. https://payjo.in/dir-path/
would be overwritten when V2GetContext.extract_req was called and
incorrectly produce a request to https://payjo.in/subdir instead of
https://payjo.in/dir-path/subdir.
@DanGould DanGould mentioned this issue Dec 29, 2024
Merged
DanGould added a commit to DanGould/rust-payjoin that referenced this issue Dec 29, 2024
@DanGould
Join subdir to base pj URL to preserve path
4ff1bef 
Fix payjoin#416

Without this change a base URL subpath e.g. https://payjo.in/dir-path/
would be overwritten when V2GetContext.extract_req was called and
incorrectly produce a request to https://payjo.in/subdir instead of
https://payjo.in/dir-path/subdir.
DanGould added a commit to DanGould/rust-payjoin that referenced this issue Dec 29, 2024
@DanGould
Join subdir to base pj URL to preserve path
df9c5b8 
Fix payjoin#416

Without this change a base URL subpath e.g. https://payjo.in/dir-path/
would be overwritten when V2GetContext.extract_req was called and
incorrectly produce a request to https://payjo.in/subdir instead of
https://payjo.in/dir-path/subdir.
@DanGould
Copy link
Contributor

Fixed by #448

@DanGould
Copy link
Contributor

Because of our tangled arch this was difficult to verify even though it was probably resolved. Leaving this open until we have a proper test that a directory hosted with additional path elements beyond the host is verified as functional in the v2 flow.

@DanGould DanGould reopened this Dec 29, 2024
@DanGould DanGould changed the title Don't use set_path to set subdirectory ID Verify v2 client requesting directory hosted with intermediate path elements sets subdirectory ID correctly Dec 29, 2024
@DanGould DanGould added this to the payjoin-1.0 milestone Jan 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@nothingmuch nothingmuch

Labels
None yet
Projects
Payjoin Roadmap 📝
Status: Done
Milestone
payjoin-1.0
Development

Successfully merging a pull request may close this issue.

Join subdir to base pj URL to preserve path DanGould/rust-payjoin
2 participants
@nothingmuch @DanGould