atomic-server icon indicating copy to clipboard operation
atomic-server copied to clipboard

Published 20 hours ago verified publisher icon atomicdata-dev

URL encoding bug: "Incorrect signature" when creating resources with special characters in URL

Open joepio opened this issue 4 months ago • 0 comments

  • Create a drive with a non-URL allowed special character (e.g. an emoji) in the name
  • Refresh the page
  • "incorrect signature error"
  • Using websockets (retry) works

Thoughts

  • AtomicServer does not have appropriate URL checking at this point. This could be the explanation for why websockets works, but HTTP doesn't.

Cause

  • Not clear. Perhaps something in

Fix

Only allow a small subset of chars in subjects

  • Don't allow complex URL encoding stuff that is error prone
  • Server throws an error if any illegal character is present in subject.
  • Makes some existing, valid URLs not compatible.

Resource.setSubject throws error if invalid

joepio avatar Apr 15 '24 13:04 joepio