[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Guile-commits] 01/06: web: send capitalized authorization header scheme
From: |
Ludovic Courtès |
Subject: |
[Guile-commits] 01/06: web: send capitalized authorization header scheme |
Date: |
Mon, 4 Jul 2022 05:52:40 -0400 (EDT) |
civodul pushed a commit to branch main
in repository guile.
commit a84d8f6473979e5967e7eafa0a46ab74e12cc036
Author: Aleix Conchillo Flaqué <aconchillo@gmail.com>
AuthorDate: Fri Jun 24 09:34:53 2022 -0700
web: send capitalized authorization header scheme
* module/web/http.scm (write-credentials): capitalize authorization
header scheme. The standard allows the scheme to be case-insensitive,
however most libraries out there expect the scheme to be capitalized,
which is what it is actually used in RFC
docs (e.g. https://datatracker.ietf.org/doc/html/rfc7617#section-2). Some
libraries even reject lowercase scheme making Guile incompatible.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
---
module/web/http.scm | 14 ++++++++++++--
test-suite/tests/web-http.test | 11 ++++++++---
2 files changed, 20 insertions(+), 5 deletions(-)
diff --git a/module/web/http.scm b/module/web/http.scm
index 4276e1744..6af790384 100644
--- a/module/web/http.scm
+++ b/module/web/http.scm
@@ -962,13 +962,23 @@ as an ordered alist."
(((? symbol?) . (? key-value-list?)) #t)
(_ #f)))
+;; While according to RFC 7617 Schemes are case-insensitive:
+;;
+;; 'Note that both scheme and parameter names are matched
+;; case-insensitive'
+;;
+;; some software (*) incorrectly assumes title case for scheme
+;; names, so use the more titlecase.
+;;
+;; (*): See, e.g.,
+;;
https://community.spotify.com/t5/Spotify-for-Developers/API-Authorization-header-doesn-t-follow-HTTP-spec/m-p/5397381#M4917
(define (write-credentials val port)
(match val
(('basic . cred)
- (put-string port "basic ")
+ (put-string port "Basic ")
(put-string port cred))
((scheme . params)
- (put-symbol port scheme)
+ (put-string port (string-titlecase (symbol->string scheme)))
(put-char port #\space)
(write-key-value-list params port))))
diff --git a/test-suite/tests/web-http.test b/test-suite/tests/web-http.test
index 63377349c..5c6a954b9 100644
--- a/test-suite/tests/web-http.test
+++ b/test-suite/tests/web-http.test
@@ -336,9 +336,14 @@
(pass-if-parse authorization "Digest foooo" '(digest foooo))
(pass-if-parse authorization "Digest foo=bar,baz=qux"
'(digest (foo . "bar") (baz . "qux")))
- (pass-if-round-trip "Authorization: basic foooo\r\n")
- (pass-if-round-trip "Authorization: digest foooo\r\n")
- (pass-if-round-trip "Authorization: digest foo=bar, baz=qux\r\n")
+ (pass-if-parse authorization "basic foooo" '(basic . "foooo"))
+ (pass-if-parse authorization "digest foooo" '(digest foooo))
+ (pass-if-parse authorization "digest foo=bar,baz=qux"
+ '(digest (foo . "bar") (baz . "qux")))
+ (pass-if-round-trip "Authorization: Basic foooo\r\n")
+ (pass-if-round-trip "Authorization: Bearer token\r\n")
+ (pass-if-round-trip "Authorization: Digest foooo\r\n")
+ (pass-if-round-trip "Authorization: Digest foo=bar, baz=qux\r\n")
(pass-if-parse expect "100-continue, foo" '((100-continue) (foo)))
(pass-if-parse from "foo@bar" "foo@bar")
(pass-if-parse host "qux" '("qux" . #f))
- [Guile-commits] branch main updated (7e048c6c5 -> 8c976c6a1), Ludovic Courtès, 2022/07/04
- [Guile-commits] 02/06: web: Handle ending CRLF (\r\n) for chunked input and output ports., Ludovic Courtès, 2022/07/04
- [Guile-commits] 04/06: Define IN6ADDR_ANY and IN6ADDR_LOOPBACK., Ludovic Courtès, 2022/07/04
- [Guile-commits] 03/06: web: Don't hide missing data in the chunked input port., Ludovic Courtès, 2022/07/04
- [Guile-commits] 05/06: Define IPPROTO_IPV6 and IPV6_V6ONLY., Ludovic Courtès, 2022/07/04
- [Guile-commits] 06/06: Update NEWS., Ludovic Courtès, 2022/07/04
- [Guile-commits] 01/06: web: send capitalized authorization header scheme,
Ludovic Courtès <=