HTTP "authorization" header not accepted (case-sensitive)

[cweiske]

HTTP headers are meant to be processed case-insensitive, but the code only accepts Authorization (word case) and not authorization (lowercase).

HTTP 1.1 RFC 2616 section 4.2 says:

Field names are case-insensitive.

[cweiske]

@snarfed: Should I adjust getallheaders() or lowercase its result in authorize()?

[voxpelli]

The getallheaders() seems to already run a strtolower()? https://github.com/snarfed/wordpress-micropub/blob/f91bd8c88a1e2ad0399745537ab7aa442d04a3aa/micropub.php#L555

[snarfed]

true! the bug is probably just that the 'Authorization's here should be 'authorization's.

[voxpelli]

No, because it also does a ucwords(), but maybe a function name collision? Not the most unique of function names that one

7 sep. 2016 kl. 18:07 skrev Ryan Barrett notifications@github.com:

true! the bug is probably just that 'Authorization' here should be 'authorization'.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.

[cweiske]

here in my local installation, the micropub-provided getallheaders is not used. So while the mp-provided getallheaders Word-Cases the header names (thus Authorization would work), the one that's actually used does not.

[cweiske]

Ah. PHP itself defines it. http://php.net/getallheaders

[cweiske]

So lowercasing the result of this function is the correct way.