make "Basic" detection insensitive as per RFC2617 #293

Merged
merged 1 commit into from May 29, 2012

Projects

None yet

2 participants

@2shortplanks
Contributor
11:46 < Trelane> seen miyagawa?
11:47 < Trelane>     if ($auth =~ /^Basic (.*)$/) {  
11:47 < Trelane> (in Plack::Middleware::Auth::Basic)
11:47 < Trelane>  HTTP provides a simple challenge-response authentication mechanism that 
                 MAY be used by a server to challenge a client request and by a client to 
                 provide authentication information. It uses an extensible, 
                 case-insensitive token to identify the authentication scheme, followed by 
                 a comma-separated list of attribute-value pairs which carry the parameters 
                 necessary for achieving authentication via that
11:48 < Trelane> http://tools.ietf.org/html/rfc2617#section-1.2
11:48 < Trelane> Does that regex need a /i at the end?
12:00 <@mst> sounds like it to me
@miyagawa
Member

Out of curiosity, do you know any browser that sends them in all-lowercase (or uppercase)?

@miyagawa miyagawa merged commit 6f3cb0c into plack:master May 29, 2012
@2shortplanks
Contributor

Nope. I was just happened to be reading the spec and thought I'd look up what Plack already had, and noticed the disparity.

Mark Fowler
http://www.twoshortplanks.com/

On Tuesday, 29 May 2012 at 19:34, Tatsuhiko Miyagawa wrote:

Out of curiosity, do you know any browser that sends them in all-lowercase (or uppercase)?


Reply to this email directly or view it on GitHub:
https://github.com/miyagawa/Plack/pull/293#issuecomment-5991842

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment