Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[New Version in Pull] Use of string "BASIC" in Basic Authentication Header #4

Closed
jbobzin-insyde opened this issue Aug 5, 2017 · 1 comment
Closed

[New Version in Pull] Use of string "BASIC" in Basic Authentication Header #4

jbobzin-insyde opened this issue Aug 5, 2017 · 1 comment
Assignees
@mraineri

Comments

@jbobzin-insyde
Copy link

At several places in rf_utility.py, the Basic Authentication Header is formed with a string "BASIC ".
The syntax in RFC1945 section 11.1 uses the string "Basic".
RFC2616 section 4.2 says Header Field names are case insensitive.
But does that apply to header values as well?

This is the first Redfish tool to use the full upper case BASIC string in this header.
Is this allowed? Is it good idea?
@mraineri mraineri self-assigned this Aug 10, 2017
@billdodd
Copy link
Contributor

billdodd commented Aug 10, 2017
edited
Loading

In RFC 7617, section 2, it says:

"Note that both scheme and parameter names are matched case-insensitively."

In this context, "Basic" is the scheme name.

That said, the tool should not be trying to trip up services that don't properly do case insensitive matches. So it seems reasonable to me to change to the tool to use "Basic" like all the examples show.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mraineri mraineri

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mraineri @billdodd @jbobzin-insyde