Bad Request - Referer Must Match Host

Tim Doherty

Jan 29, 2013, 1:07:31 PM
to us...@couchdb.apache.org
Hi all,

I'm running CouchDB 1.2.1 behind Nginx 1.2.6, and trying to push an attachment via AJAX per the futon.browse.js script. I get a 400 bad request, with JSON payload {"error":"bad_request","reason":"Referer header must match host."} no matter how I configure the host/referer headers

<form id="attachment-form" method="post" action="">
  <input id="_attachments" type="file" name="_attachments"/>
  <input type='hidden' name='_rev' value="{{_rev}}"/>
</form>

var id = $.cookies.get('id');
var options = {
  //target: '',
  url: '/assets/' + id,
  success: function(data) {
    alert('upload successful');
  }
};
$("#attachment-form").ajaxSubmit(options);

Nginx is configured per the wiki, (http://wiki.apache.org/couchdb/Nginx_As_a_Reverse_Proxy) and then explicitly matching host and referer headers:

location /assets {
    proxy_pass http://localhost:5984;
    proxy_redirect off;
    proxy_set_header Host $host;
    proxy_set_header Referer $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    rewrite /doc/(.*) /arp/$1 break;
}

Setting the Couch log level to debug confirms matching host and referer headers:

[Tue, 29 Jan 2013 17:54:59 GMT] [debug] [<0.1047.0>] 'POST' /arp/7bd8504fe08942fda541c27d59d40bc0 {1,0} from "127.0.0.1"
Headers: [{'Accept',"*/*"},
          {'Accept-Encoding',"gzip, deflate"},
          {'Accept-Language',"en-US,en;q=0.5"},
          {'Cache-Control',"no-cache"},
          {'Connection',"close"},
          {'Content-Length',"13316"},
          {'Content-Type',"multipart/form-data; boundary=---------------------------24703444631593"},
          {'Cookie',"__utma=111872281.1437496111.1310764531.1311187227.1332282819.13; iW.Search.Accordion.SelectedPaneIndex=0; sid=e903edda66c48afb8b79f1b7825f49bc; id=7bd8504fe08942fda541c27d59d40bc0; role=vendor"},
          {'Host',"localhost"},
          {'Pragma',"no-cache"},
          {'Referer',"localhost"},
          {'User-Agent',"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0"},
          {'X-Forwarded-For',"127.0.0.1"},
          {"X-Real-Ip","127.0.0.1"},
          {"X-Requested-With","XMLHttpRequest"}]
[Tue, 29 Jan 2013 17:54:59 GMT] [debug] [<0.1047.0>] OAuth Params: []
[Tue, 29 Jan 2013 17:54:59 GMT] [debug] [<0.1047.0>] Minor error in HTTP request: {bad_request,
                                                     <<"Referer header must match host.">>}
[Tue, 29 Jan 2013 17:54:59 GMT] [debug] [<0.1047.0>] Stacktrace: [{couch_httpd,validate_referer,1},
                                                     {couch_httpd_db,db_doc_req,3},
                                                     {couch_httpd_db,do_db_req,2},
                                                     {couch_httpd,handle_request_int,5},
                                                     {mochiweb_http,headers,5},
                                                     {proc_lib,init_p_do_apply,3}]
[Tue, 29 Jan 2013 17:54:59 GMT] [info] [<0.1047.0>] 127.0.0.1 - - POST /arp/7bd8504fe08942fda541c27d59d40bc0 400
[Tue, 29 Jan 2013 17:54:59 GMT] [debug] [<0.1047.0>] httpd 400 error response:
 {"error":"bad_request","reason":"Referer header must match host."}

I'm stumped. Any help greatly appreciated.
Thanks,
Tim

Tim Doherty

Jan 29, 2013, 3:58:21 PM
to us...@couchdb.apache.org
Solved. I compared the Couch log entry for a successful upload from futon.browse.js and modified Nginx.conf as follows:

location /assets {
    proxy_pass http://localhost:5984;
    proxy_redirect off;
    proxy_set_header Host $host:$proxy_port;
    proxy_set_header Referer http://$host:$proxy_port/arp/$1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    rewrite /assets/(.*) /arp/$1 break;
}

Thanks,
Tim
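
The stack trace in the first message ends in couch_httpd:validate_referer/1. The sketch below is an added example, not CouchDB's code and not part of the original posts; it models that check on the assumption that the host[:port] part of the Referer URL must equal the Host header exactly, which agrees with both outcomes reported in the thread. The header sets are constructed from the two Nginx configurations above, and diagnose and overwrite_referer are hypothetical helpers.

```python
from urllib.parse import urlsplit

# Constructed sample data: document path taken from the log above, headers as
# each Nginx configuration in the thread would send them upstream.
DOC = "/arp/7bd8504fe08942fda541c27d59d40bc0"
CASES = {
    "first config": {"Host": "localhost", "Referer": "localhost"},
    "second config": {"Host": "localhost:5984", "Referer": "http://localhost:5984" + DOC},
    "port only in Referer": {"Host": "localhost", "Referer": "http://localhost:5984" + DOC},
    "other origin": {"Host": "localhost", "Referer": "http://other.example/form.html"},
}

def validate_referer(headers):
    """Model of the check (assumption: Referer authority must equal Host exactly)."""
    referer = headers.get("Referer")
    if referer is None:
        return False, "Referer header required."  # wording of this branch is assumed
    # Only host[:port] of the Referer URL takes part in the comparison.
    if urlsplit(referer).netloc == headers.get("Host", ""):
        return True, "ok"
    return False, "Referer header must match host."

def diagnose(headers):
    """Hypothetical helper: say why the model rejects a request."""
    if validate_referer(headers)[0]:
        return "match"
    referer = headers.get("Referer")
    if referer is None:
        return "no Referer header"
    parts = urlsplit(referer)
    if not parts.netloc:
        return "Referer is not an absolute URL, so it has no host part"
    if parts.hostname == urlsplit("//" + headers.get("Host", "")).hostname:
        return "same hostname, different port"
    return "different host"

def overwrite_referer(headers, proxy_port="5984"):
    """Hypothetical model of the second config: the proxy replaces the client's Referer."""
    host = headers["Host"].split(":")[0]
    authority = f"{host}:{proxy_port}"
    return {**headers, "Host": authority, "Referer": f"http://{authority}{DOC}"}

if __name__ == "__main__":
    for name, headers in CASES.items():
        print(f"{name:22} {diagnose(headers)}")
    rewritten = overwrite_referer(CASES["other origin"])
    print("other origin after proxy rewrite:", validate_referer(rewritten))
```

In this model the "other origin" request also passes once the proxy has replaced its Referer, so a proxy that sets Referer on every request makes the check succeed regardless of where the form was submitted from. The check only tells origins apart when the Referer that reaches CouchDB is the one the browser sent.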