[AMAGENTS-42] Percent encoded hash (#) (%23) is handled incorrectly during policy evaluation Created: 11/Mar/16 Updated: 13/Apr/17 Resolved: 01/Dec/16
|Component/s:||Doc, Web Agents|
|Affects Version/s:||3.3.4, 4.0.0|
|Fix Version/s:||220.127.116.11, 4.1.0|
|Reporter:||Ian Packer [X] (Inactive)||Assignee:||Chris Lee|
|Labels:||AMAgent, AME, SHAKESPEARE, incomplete-spec, interface, release-notes, test-candidate|
|Remaining Estimate:||Not Specified|
|Time Spent:||Not Specified|
|Original Estimate:||Not Specified|
|Sprint:||Sprint 115 Team Shakespeare|
|Support Ticket IDs:|
|Epic Link:||Docs: Agents 4.1.0 Release|
Steps to reproduce
1) Setup OpenAM with Web Agent (3.3.x or 4.0.x)
Access is denied
Access is allowed
Adding a rule for www.example.com/test#test or # works, but this is not a good workaround because the file could include many encoded # characters and each variation of this would require it's own rule.
I think the two key points are:
In OpenAM the wildcard character stops at a literal # character (much like ?).
|Comment by Peter Major [X] (Inactive) [ 11/Mar/16 ]|
Sounds like the agent shouldn't decode the %23 character when performing the policy evaluation. The server side code will always parse the URL, and then a literal # will be taken as the fragment, hence rule matching may not work as expected.
|Comment by edwardb [ 14/Oct/16 ]|
Verified with OpenAM13.0.0 and Agent 4.1.0
|Comment by Chris Lee [ 07/Nov/16 ]|
To appear in the release notes queries the Jira must:
Where there is some manual documentation work to perform, for example a breaking change from a previous version, please create us a separate documentation Jira.