Skip to content

Request.authorization raises ValueError for unusual or malformed header values #231

Closed
@lrowe

Description

@lrowe

I'm seeing errors such as the following being logged in production:

  File "xxx.py", line 91, in xxx
    if request.authorization is not None:
  File "eggs/WebOb-1.4.1-py3.4.egg/webob/descriptors.py", line 164, in fget
    return parse(hget(r))
  File "eggs/WebOb-1.4.1-py3.4.egg/webob/descriptors.py", line 321, in parse_auth
    authtype, params = val.split(' ', 1)
ValueError: need more than 1 value to unpack

I believe this is because the Authorization header is malformed (does not contain a space or is blank.) Raising a ValueError here means that application code must protect each access to Request.authorization with a try/except block. WebOb should probably handle such cases more elegantly.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions