Closed
Description
I'm seeing errors such as the following being logged in production:
File "xxx.py", line 91, in xxx
if request.authorization is not None:
File "eggs/WebOb-1.4.1-py3.4.egg/webob/descriptors.py", line 164, in fget
return parse(hget(r))
File "eggs/WebOb-1.4.1-py3.4.egg/webob/descriptors.py", line 321, in parse_auth
authtype, params = val.split(' ', 1)
ValueError: need more than 1 value to unpack
I believe this is because the Authorization header is malformed (does not contain a space or is blank.) Raising a ValueError here means that application code must protect each access to Request.authorization with a try/except block. WebOb should probably handle such cases more elegantly.
Metadata
Metadata
Assignees
Labels
No labels