-
Notifications
You must be signed in to change notification settings - Fork 34
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
_build_request_url does not accept port #76
Comments
I think that port should be a part of baseUrl in this case. |
Yes, it resolves the issue, but my point is that this should not throw the error when you configure it without the port. if urllib.parse.urlparse(self.url).netloc == urllib.parse.urlparse(path).netloc |
The strict check was done for security reasons. Unfortunately
Secondly, we need to check a path as well. In some cases, more than only the FHIR server can be launched on the same domain.
In case of FHIR server misconfiguration, it is possible that during pagination the request may be sent to the wrong URL that handles with another software. It will cause token exposure. |
When it shall be really strict we need to have the match of the exact url and derive the default port when not given. parsed_next = urllib.parse.urlparse(self.url)
if parsed_next.port!='':
parsed = urllib.parse.urlparse(path)
if parsed.port == '' and parsed.scheme == "https":
path=parsed.scheme+'://'+ parsed.netloc+':443'+ parsed.path
if self.url in path: |
When using paginated requests the returned URL may contain the port. This results in the check in
fhir-py/fhirpy/base/lib.py
Line 81 in 4296920
to raise an exception although the base URL is the same.
E.g. it crashes with
The text was updated successfully, but these errors were encountered: