diff options
| -rw-r--r-- | module/web/http.scm | 14 | ||||
| -rw-r--r-- | test-suite/tests/web-http.test | 11 |
2 files changed, 20 insertions, 5 deletions
diff --git a/module/web/http.scm b/module/web/http.scm index 4276e1744..6af790384 100644 --- a/module/web/http.scm +++ b/module/web/http.scm @@ -962,13 +962,23 @@ as an ordered alist." (((? symbol?) . (? key-value-list?)) #t) (_ #f))) +;; While according to RFC 7617 Schemes are case-insensitive: +;; +;; 'Note that both scheme and parameter names are matched +;; case-insensitive' +;; +;; some software (*) incorrectly assumes title case for scheme +;; names, so use the more titlecase. +;; +;; (*): See, e.g., +;; https://community.spotify.com/t5/Spotify-for-Developers/API-Authorization-header-doesn-t-follow-HTTP-spec/m-p/5397381#M4917 (define (write-credentials val port) (match val (('basic . cred) - (put-string port "basic ") + (put-string port "Basic ") (put-string port cred)) ((scheme . params) - (put-symbol port scheme) + (put-string port (string-titlecase (symbol->string scheme))) (put-char port #\space) (write-key-value-list params port)))) diff --git a/test-suite/tests/web-http.test b/test-suite/tests/web-http.test index 63377349c..5c6a954b9 100644 --- a/test-suite/tests/web-http.test +++ b/test-suite/tests/web-http.test @@ -336,9 +336,14 @@ (pass-if-parse authorization "Digest foooo" '(digest foooo)) (pass-if-parse authorization "Digest foo=bar,baz=qux" '(digest (foo . "bar") (baz . "qux"))) - (pass-if-round-trip "Authorization: basic foooo\r\n") - (pass-if-round-trip "Authorization: digest foooo\r\n") - (pass-if-round-trip "Authorization: digest foo=bar, baz=qux\r\n") + (pass-if-parse authorization "basic foooo" '(basic . "foooo")) + (pass-if-parse authorization "digest foooo" '(digest foooo)) + (pass-if-parse authorization "digest foo=bar,baz=qux" + '(digest (foo . "bar") (baz . "qux"))) + (pass-if-round-trip "Authorization: Basic foooo\r\n") + (pass-if-round-trip "Authorization: Bearer token\r\n") + (pass-if-round-trip "Authorization: Digest foooo\r\n") + (pass-if-round-trip "Authorization: Digest foo=bar, baz=qux\r\n") (pass-if-parse expect "100-continue, foo" '((100-continue) (foo))) (pass-if-parse from "foo@bar" "foo@bar") (pass-if-parse host "qux" '("qux" . #f)) |