varnishncsa cannot decode Authorization header if the format is incorrect. #2148

iamkelvinloke opened this Issue Nov 27, 2016 · 1 comment



iamkelvinloke commented Nov 27, 2016 edited

Expected Behavior

For the Authorization headers below, varnishncsa should decode the string properly.

Authorization: Basic aWFta2VsdmlubG9rZTo5ODMzMjIxMQ==
Authorization:Basic aWFta2VsdmlubG9rZTo5ODMzMjIxMQ==

Current Behavior

When there isn't any space between : and Basic, varnishncsa is not able to decode the string.

Authorization: Basic aWFta2VsdmlubG9rZTo5ODMzMjIxMQ==

Able to decode

Authorization:Basic aWFta2VsdmlubG9rZTo5ODMzMjIxMQ==

Not able to decode

Possible Solution

We could possibly add code handling to be able to parse the Authorization header?

Steps to Reproduce (for bugs)

curl -X GET -H "Authorization:Basic aWFta2VsdmlubG9rZTo5ODMzMjIxMQ==" ""

The log format is %h %l %u %t "%r" %s %b "%{Referer}i" "%{User-agent}i"

Varnishncsa is not able to decode the Authorization header to %u (result below).

- - [27/Nov/2016:22:51:47 +0800] "GET HTTP/1.1" 200 390710 "-" "curl/7.35.0"

My Environment

Ubuntu 14.04

@fgsch fgsch added a commit that closed this issue Nov 27, 2016
@fgsch fgsch Whitespace after colon is optional
Fixes #2148.
@fgsch fgsch closed this in 98afc23 Nov 27, 2016
@hermunn hermunn added a commit that referenced this issue Dec 7, 2016
@fgsch @hermunn fgsch + hermunn Whitespace after colon is optional
Fixes #2148.
hermunn commented Dec 7, 2016

Backport review: Backported as d8810a8
