Merge pull request #293 from 2shortplanks/master

make "Basic" detection insensitive as per RFC2617
plack · May 29, 2012 · 6f3cb0c · 6f3cb0c
2 parents d99efef + 8105487
commit 6f3cb0c
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/lib/Plack/Middleware/Auth/Basic.pm b/lib/Plack/Middleware/Auth/Basic.pm
@@ -22,7 +22,9 @@ sub call {
     my $auth = $env->{HTTP_AUTHORIZATION}
         or return $self->unauthorized;
 
-    if ($auth =~ /^Basic (.*)$/) {
+    # note the 'i' on the regex, as, accoring to RFC2617 this is a 
+    # "case-insensitive token to identify the authentication scheme"
+    if ($auth =~ /^Basic (.*)$/i) {
         my($user, $pass) = split /:/, (MIME::Base64::decode($1) || ":");
         $pass = '' unless defined $pass;
         if ($self->authenticator->($user, $pass, $env)) {