From d08d53d8edfc51954402dd620ffb8df97dc995b5 Mon Sep 17 00:00:00 2001 From: Charles Kerr Date: Thu, 13 Aug 2009 16:50:50 +0000 Subject: [PATCH] (trunk libT) make the RPC 409 error message easier to understand --- libtransmission/rpc-server.c | 21 ++++++++++----------- 1 file changed, 10 insertions(+), 11 deletions(-) diff --git a/libtransmission/rpc-server.c b/libtransmission/rpc-server.c index d3c0b3392..ba4616674 100644 --- a/libtransmission/rpc-server.c +++ b/libtransmission/rpc-server.c @@ -629,17 +629,16 @@ handle_request( struct evhttp_request * req, void * arg ) { const char * sessionId = get_current_session_id( server ); char * tmp = tr_strdup_printf( - "

Please add this header to your HTTP requests:

" - "

%s: %s

" - "

RPC Application Developers:

" - "

As of Transmission 1.53 and 1.61, RPC clients " - "need to look for this 409 response containing the phrase \"invalid session-id\". " - "It occurs when the request's "TR_RPC_SESSION_ID_HEADER" header was missing " - "(such as during bootstrapping) or expired. " - "Either way, you can parse this response's headers for the new session-id.

" - "

This requirement has been added to make " - "CSRF" - " attacks more difficult.

", + "

Your request had an invalid session-id header.

" + "

To fix this, follow these steps:" + "

  1. When reading a response, get its X-Transmission-Session-Id header and remember it" + "
  2. Add the updated header to your outgoing requests" + "
  3. When you get this 409 error message, resend your request with the updated header" + "

" + "

This requirement has been added to help prevent " + "CSRF " + "attacks.

" + "

%s: %s

", TR_RPC_SESSION_ID_HEADER, sessionId ); evhttp_add_header( req->output_headers, TR_RPC_SESSION_ID_HEADER, sessionId ); send_simple_response( req, 409, tmp );