author | Aleix Conchillo Flaqué <aconchillo@gmail.com> | 2022-06-24 09:34:53 -0700 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2022-07-04 11:16:36 +0200 |
commit | a84d8f6473979e5967e7eafa0a46ab74e12cc036 (patch) | |
tree | 59bd544a9acb7d39c0244be2cbbcb1161855e3bd | |
parent | 7e048c6c516fa477366c6b4b09914dcff44b2f5e (diff) | |
web: send capitalized authorization header scheme
* module/web/http.scm (write-credentials): capitalize authorization
header scheme. The standard allows the scheme to be case-insensitive,
however most libraries out there expect the scheme to be capitalized,
which is what is actually used in RFC
docs (e.g. https://datatracker.ietf.org/doc/html/rfc7617#section-2). Some
libraries even reject a lowercase scheme, making Guile incompatible.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
-rw-r--r-- | module/web/http.scm | 14 | ||||
-rw-r--r-- | test-suite/tests/web-http.test | 11 |
2 files changed, 20 insertions, 5 deletions
diff --git a/module/web/http.scm b/module/web/http.scm index 4276e1744..6af790384 100644 --- a/module/web/http.scm +++ b/module/web/http.scm @@ -962,13 +962,23 @@ as an ordered alist." (((? symbol?) . (? key-value-list?)) #t) (_ #f))) +;; While according to RFC 7617 Schemes are case-insensitive: +;; +;; 'Note that both scheme and parameter names are matched +;; case-insensitive' +;; +;; some software (*) incorrectly assumes title case for scheme +;; names, so use the more titlecase. +;; +;; (*): See, e.g., +;; https://community.spotify.com/t5/Spotify-for-Developers/API-Authorization-header-doesn-t-follow-HTTP-spec/m-p/5397381#M4917 (define (write-credentials val port) (match val (('basic . cred) - (put-string port "basic ") + (put-string port "Basic ") (put-string port cred)) ((scheme . params) - (put-symbol port scheme) + (put-string port (string-titlecase (symbol->string scheme))) (put-char port #\space) (write-key-value-list params port)))) diff --git a/test-suite/tests/web-http.test b/test-suite/tests/web-http.test index 63377349c..5c6a954b9 100644 --- a/test-suite/tests/web-http.test +++ b/test-suite/tests/web-http.test 
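Review bot: `string-titlecase` in the generic `(scheme . params)` branch of write-credentials only gives the conventional spelling for single-word schemes such as Bearer or Digest. It capitalizes every word, so a scheme symbol such as `ntlm` or `aws4-hmac-sha256` would presumably go out as `Ntlm` / `Aws4-Hmac-Sha256`, and a peer that compares the scheme case-sensitively (the case this commit targets) may still refuse the credentials. The parse tests show the parser returns lowercase symbols, so the original spelling cannot be recovered at write time; a small table of known spellings consulted before the titlecase fallback would cover these, as sketched below with example entries. The test hunk in test-suite/tests/web-http.test round-trips only Basic, Bearer and Digest, so a case for a multi-word scheme would pin whichever behaviour is chosen. The new comment's last sentence is also garbled: `;; names, so use the more titlecase.` could read `;; names, so write scheme names in title case.`

```scheme
;; Conventional spellings for schemes that are not plain title case.
;; The entries here are examples only; extend as needed.
(define %scheme-spellings
  '((ntlm . "NTLM")
    (oauth . "OAuth")))

(define (scheme->string scheme)
  (or (assq-ref %scheme-spellings scheme)
      (string-titlecase (symbol->string scheme))))

(define (write-credentials val port)
  (match val
    ;; … unchanged: 'basic branch …
    ((scheme . params)
     (put-string port (scheme->string scheme))
     ;; … unchanged: space separator and key-value list …
```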
@@ -336,9 +336,14 @@ (pass-if-parse authorization "Digest foooo" '(digest foooo)) (pass-if-parse authorization "Digest foo=bar,baz=qux" '(digest (foo . "bar") (baz . "qux"))) - (pass-if-round-trip "Authorization: basic foooo\r\n") - (pass-if-round-trip "Authorization: digest foooo\r\n") - (pass-if-round-trip "Authorization: digest foo=bar, baz=qux\r\n") + (pass-if-parse authorization "basic foooo" '(basic . "foooo")) + (pass-if-parse authorization "digest foooo" '(digest foooo)) + (pass-if-parse authorization "digest foo=bar,baz=qux" + '(digest (foo . "bar") (baz . "qux"))) + (pass-if-round-trip "Authorization: Basic foooo\r\n") + (pass-if-round-trip "Authorization: Bearer token\r\n") + (pass-if-round-trip "Authorization: Digest foooo\r\n") + (pass-if-round-trip "Authorization: Digest foo=bar, baz=qux\r\n") (pass-if-parse expect "100-continue, foo" '((100-continue) (foo))) (pass-if-parse from "foo@bar" "foo@bar") (pass-if-parse host "qux" '("qux" . #f)) |