Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Request.authorization raises ValueError for unusual or malformed header values #231
I'm seeing errors such as the following being logged in production:
I believe this is because the Authorization header is malformed (does not contain a space or is blank.) Raising a ValueError here means that application code must protect each access to Request.authorization with a try/except block. WebOb should probably handle such cases more elegantly.
added a commit
Feb 25, 2016
I don't think WebOb should silently return something that may or may not look like a valid authorization header.
Instead of raising a
If user code specifically requests a header, especially one that is related to security, WebOb shouldn't silently attempt to acquiesce the malformed header.
The request that triggered my logged error had a User-Agent of "Microsoft Office Word 2014". Googling shows that Microsoft Office DAV may send
I think there's a good argument for saying
But when accessing Request.authorization, I don't think it makes much sense distinguish between
referenced this issue
Jun 27, 2016
This issue affects pyramid_debugtoolbar. The "Request Vars" panel accesses
I'd say that's a good indication that raising