Join GitHub today
GitHub is home to over 20 million developers working together to host and review code, manage projects, and build software together.
Rack::Auth::AbstractRequest will throw given empty Authorization header #438
I ran into this issue attempting to extract information from an Authorization header that turned out to be empty:
Based on my read of RFC 2616 and 2617, that form of the header is invalid [*]. The application should probably return a 400, but I'm not sure what the API for
Here's a strawman proposal:
Given a malformed header,
[*] RFC 2616 and 2617 collectively specify the following grammar for the Authorization header: