cloudstack-cloudmonkey icon indicating copy to clipboard operation
cloudstack-cloudmonkey copied to clipboard
verified publisher icon apache

network: when using API key & secret key drop params

Open rohityadavcloud opened this issue 1 year ago • 1 comments

Params need to be dropped as apikey & secretkey based URL has all the params and it causes signature validation issues when the same params are also posted again. For example, add host API with username, password params.

rohityadavcloud avatar May 04 '24 12:05 rohityadavcloud

Steps to reproduce the issue:

  • Create profile with only apikey and secret key set
  • Try to add a host, it fails with HTTP 401, on deep dive - it appears signature fails to match

Fix: don't send both encoded params as part of the URL and also param that may be posted.

rohityadavcloud avatar May 04 '24 12:05 rohityadavcloud