GNU bug report logs -
#14370
[PATCH] Write out HTTP Basic auth headers correctly
Previous Next
Reported by: Atom X Zane <atomx <at> deadlyhead.com>
Date: Wed, 8 May 2013 15:48:01 UTC
Severity: normal
Tags: patch
Done: Mark H Weaver <mhw <at> netris.org>
Bug is archived. No further changes may be made.
Full log
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
HTTP Basic authorization headers are not output correctly, leaving off
the user credentials in the Authorization: header.
Test case:
(let ((req (build-request
(build-uri
'http
#:host "example.com")
#:headers '((authorization
basic . "dXNlcm5hbWU6cGFzc3dvcmQ=")
))))
(write-request req (current-output-port)))
Expected output:
> GET / HTTP/1.1
> Host: example.com
> Authorization: basic dXNlcm5hbWU6cGFzc3dvcmQ=
Actual output:
> GET / HTTP/1.1
> Host: example.com
> Authorization: basic
As you can see, the user credentials aren't actually written out,
causing the server to return a "401 Authorization required" response. I
have included a patch which remedies this problem.
-- Atom X Zane
* module/web/http.scm: modify write-credentials to display the
base64-encoded concatenation of username and password if the
authorization model is 'basic
---
module/web/http.scm | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/module/web/http.scm b/module/web/http.scm
index 35169ef..0e5db5d 100644
--- a/module/web/http.scm
+++ b/module/web/http.scm
@@ -913,10 +913,10 @@ as an ordered alist."
(define (write-credentials val port)
(display (car val) port)
+ (display #\space port)
(if (pair? (cdr val))
- (begin
- (display #\space port)
- (write-key-value-list (cdr val) port))))
+ (write-key-value-list (cdr val) port)
+ (display (cdr val) port)))
;; challenges = 1#challenge
;; challenge = auth-scheme 1*SP 1#auth-param
--
1.7.10.4
This bug report was last modified 11 years and 125 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.