3

I have a simple comparison, I have checked that the strings are identical hmac hashes (base64 encoded), however this statement returns true from some reason. Why is Nginx not able to compare the strings correctly?

    if ($cookie_AUTHORIZATION != $signature ) { return 403; }
user1658296
  • 1,398
  • 2
  • 18
  • 46
  • What's your config look like for setting `$signature`? If you do something like `return 200 $signature` and `return 200 $cookie_AUTHORIZATION`, do you see any differences in output? – davidjb Jul 15 '16 at 11:21

0 Answers0