We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
When you submit an api request Talaria requires the "X-Webpa-Device-Name" header, but it doesn't validate it against the message.
e.g.
curl -i -H "Authorization:$basicauth" -H "Content-Type:application/json" -H "Accept:application/json" --data-binary '@SimpleApiRequestMessage.json' -X POST https://$a:8080/api/v2/device/send
results in a 400
{"code": 400, "message": "Could extract device id: Missing device name header"}
whereas :
export b=mac:112233445566 curl -i -H "Authorization:$basicauth" -H "Content-Type:application/json" -H "Accept:application/json" --data-binary '@SimpleApiRequestMessage.json' -X POST https://$a:8080/api/v2/device/send -H "X-Webpa-Device-Name:$b"
will succeed even if $b does not match the device inside the SimpleApiRequestMessage.json which is set to
$b
"dest":"mac:4ca155000006/config",
It appears that talaria doesn't use or validate against this header. A request without the dest field will fail with a 400.
The text was updated successfully, but these errors were encountered:
This was a design decision from very early in the project's life, years ago. There's no bug here, and it shouldn't hold up any deployments.
As to whether things should still work this way, that's a question for @schmidtw
Sorry, something went wrong.
After discussions, we decided talaria should no longer require this header. We should also then change scytale so it no longer sends such header.
X-Webpa-Device-Name
joe94
Successfully merging a pull request may close this issue.
When you submit an api request Talaria requires the "X-Webpa-Device-Name" header, but it doesn't validate it against the message.
e.g.
results in a 400
whereas :
will succeed even if
$b
does not match the device inside the SimpleApiRequestMessage.json which is set toIt appears that talaria doesn't use or validate against this header. A request without the dest field will fail with a 400.
The text was updated successfully, but these errors were encountered: