OAuth signing of PUT requests

2 views
Skip to first unread message

James Emerton

unread,
Dec 19, 2009, 9:08:35 PM12/19/09
to django-piston
I discovered today that the content of PUT requests is not signed via
OAuth. It also appears that POST requests where the request body is
not application/x-www-form-urlencoded are excluded from signing.

It appears that the correct check was in place before aaf0c2d64294
[1] I suspect that the code was commented for testing/debugging
reasons and Jesper forgot to uncomment it. I'd just like to verify
that assumption.


I'm also interested in implementing request body signing as per [2].
Does anyone have any comments before I begin?

James

[1] http://bitbucket.org/jespern/django-piston/changeset/aaf0c2d64294/
[2] http://oauth.googlecode.com/svn/spec/ext/body_hash/1.0/oauth-bodyhash.html

Reply all
Reply to author
Forward
0 new messages