Ticket Navigation

Ticket #7077 (new defect)

Opened 2 years ago

Last modified 10 months ago

[PATCH] Support clients that don't set HTTP_SOAPACTION header correctly

Reported by:	zackchandler	Assigned to:	kents
Priority:	normal	Milestone:	1.2.7
Component:	ActionWebService	Version:	edge
Severity:	normal	Keywords:
Cc:	dansketcher@gmail.com

Description

The W3C SOAP docs state:

"The SOAPAction HTTP request header field can be used to indicate the intent of the SOAP HTTP request. The value is a URI identifying the intent. SOAP places no restrictions on the format or specificity of the URI or that it is resolvable. An HTTP client MUST use this header field when issuing a SOAP HTTP Request."

"The presence and content of the SOAPAction header field can be used by servers such as firewalls to appropriately filter SOAP request messages in HTTP. The header field value of empty string ("") means that the intent of the SOAP message is provided by the HTTP Request-URI. No value means that there is no indication of the intent of the message."

http://www.w3.org/TR/2000/NOTE-SOAP-20000508/#_Toc478383528

The problem is that some SOAP clients issue a header value of "". That is two double-quotes, not an empty string. This is currently not handled correctly by AWS because of various gsub()ing and strip()ing. If the string is empty the request processing will stop.

This patch introduces a require_soap_action_header option that is set to true by default (the status quo). If this option is set to false then the processing will continue if the header is not present.

Attachments

soap_action_header_patch.diff (7.0 kB) - added by zackchandler on 01/16/07 06:04:47.

Change History

Download in other formats:

Rails Trac