cubicweb-signedrequest #3546688 Problem with the body of a POST signed request : wrong checking Content-MD5 in the header [rejected]
When the body of the POST request is checked and compared with the value of the 'Content-MD5' from the header, the stream can be at the end.
The MD5 sum on the body request can be carried out on an empty string instead of the body content. This implies an authentication failure despite the right Content-MD5 in the header.
|closed by||<not specified>|