Verb of object session token is not checked #1191

@cthulhu-rider

Originally posted by @KirillovDenis

Verb of the session token attached to the object request should correspond to the operation.

Expected Behavior

Storage node denies a request with a wrong token verb.

Current Behavior

Request is processed.

Possible solution

Node can:

  1. Deny the request.
  2. Ignore session token and process the request without it.

IMO 1. is more clear.

Steps to Reproduce (for bugs)

  1. Attach session token with verb other than the object request one.
  2. Send the request.
  3. Receive OK status.

Your Environment

  • Version used: v0.27.5
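
The check this issue asks for, as an added Go example that is not part of the original issue or the project's code. `Verb`, `SessionToken`, `Policy` and `CheckSessionVerb` are hypothetical names, and the token is assumed to have already passed signature and lifetime validation; both options from "Possible solution" are covered.

```go
package main

import (
	"errors"
	"fmt"
)

// Verb is a hypothetical enum of object operations (not the project's type).
type Verb int

const (
	VerbUnspecified Verb = iota
	VerbPut
	VerbGet
	VerbDelete
)

// SessionToken is a hypothetical token, assumed already signature-checked.
type SessionToken struct{ Verb Verb }

// Policy selects one of the two options from "Possible solution".
type Policy int

const (
	DenyOnMismatch   Policy = iota // option 1: deny the request
	IgnoreOnMismatch               // option 2: process without the token
)

var ErrVerbMismatch = errors.New("session token verb does not match request operation")

// CheckSessionVerb returns the token the request may use (nil if none) or a denial error.
func CheckSessionVerb(op Verb, tok *SessionToken, p Policy) (*SessionToken, error) {
	if tok == nil {
		return nil, nil // no session attached
	}
	if op != VerbUnspecified && tok.Verb == op {
		return tok, nil
	}
	if p == IgnoreOnMismatch {
		return nil, nil // token dropped; caller authorizes the bare request
	}
	return nil, fmt.Errorf("%w: token verb %d, request verb %d", ErrVerbMismatch, tok.Verb, op)
}

func main() {
	tok := &SessionToken{Verb: VerbGet} // constructed sample
	_, err := CheckSessionVerb(VerbDelete, tok, DenyOnMismatch)
	fmt.Println("GET token on DELETE request:", err)
}
```

Under option 2 the caller must authorize the request as if no token were attached, so any rights granted only by the session do not apply.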

Labels

bug
