Browse files

document changes to cannonical string for empty content body

  • Loading branch information...
1 parent edb138f commit 28c593c6548a0e5a0f1e5aacd634fd20a1b4c558 @jacobo jacobo committed Jan 3, 2012
Showing with 6 additions and 0 deletions.
  1. +6 −0 README.md
View
6 README.md
@@ -60,3 +60,9 @@ signature:
now signed:
{"REQUEST_URI"=>"http://example.com/api/1/service_accounts/1324/messages", "PATH_INFO"=>"/api/1/service_accounts/1324/messages", "CONTENT_TYPE"=>"application/json", "HTTP_ACCEPT"=>"application/json", "REQUEST_METHOD"=>"POST", "HTTP_DATE"=>"Thu, 15 Dec 2011 23:50:33 GMT", "rack.input"=>#<StringIO:0x007fd9239f6998>, "HTTP_AUTHORIZATION"=>"AuthHMAC 123bc211233eabc:UZDkXszu4dp6Gz2TEGcy/cVt0R0="}
+
+## Requests with empty request body.
+
+In prior versions (0.1.x), we expected the MD5 hash of an empty string (d41d8cd98f00b204e9800998ecf8427e) to be used in the canonical string when the HTTP request had no body. In the latest version (0.4.x), we expect an empty string to used instead. We've made the "server" component of ey_api_hmac verify and accept both styles of canonical string, however there is no backwards-compatible solution for the client, so we always use empty string when the content body is empty.
+
+This change was made to be compatible with the other HMAC already in use internally at Engine Yard: http://rubygems.org/gems/auth-hmac.

0 comments on commit 28c593c

Please sign in to comment.