lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]



On Oct 19, 2007, at 5:55 PM, Diego Nehab wrote:

Hi,

After comparing headers that wget and curl sent with
http.request's, I realized that the webserver I was
talking to requires the authentication header keyword to
be in the form "Authorization". The behavior of the http
module is to force all header keywords to lower-case.

That's a bug in their webserver.  Please let them know. From
the RFC:


Sorry I didn't take the time to look at the RFCs. In any event, I'll verify the vendor/source of the webserver and report the bug to them if possible. The bad news is it's likely to be a potential issue in any device with the SNMP Inc. library... most likely embedded devices that don't get upgraded too often (if at all).

For what it's worth, curl, wget, camino (firefox derivative for osx), and IE6 all send the header as "Authorization"... I'm not trying to change your mind on this issue, just sharing my research.

    4.2 Message Headers

    HTTP header fields, which include general-header (section 4.5),
    request-header (section 5.3), response-header (section 6.2),
    and entity-header (section 7.1) fields, follow the
    same generic format as that given in Section 3.1 of RFC 822
    [9]. Each header field consists of a name followed by a
    colon (":") and the field value.  Field names are
    case-insensitive.

The fix for this is very simple... and I want to verify
that there were no hidden design reasons for the keywords
to be changed to lower-case as well as letting y'all know
of this issue.

The reason is to make sure there are no repeated headers
with different capitalization. All header names are
lower-case in LuaSocket. Can you tell me about your fix?
Doesn't seem that easy to me.


Well, "hacky" might be a better description than easy. Here's the modified function:

---------
local function adjustheaders(reqt)
    -- default headers
    local lower = {
        ["user-agent"] = USERAGENT,
        ["host"] = reqt.host,
        ["connection"] = "close, TE",
        ["te"] = "trailers"
    }
    -- if we have authentication information, pass it along
    if reqt.user and reqt.password then
lower["Authorization"] = -- make the header keyword case- specific for emhttp
            "Basic " ..  (mime.b64(reqt.user .. ":" .. reqt.password))
    end
    -- override with user headers
    for i,v in base.pairs(reqt.headers or lower) do
        lower[i] = v -- don't force the header keyword lower-case
    end
    return lower
end
---------

Obviously, this doesn't correct the problems with duplicate header keywords.

An option that I also messed around with was changing the function metat.__index:sendheaders() to look for the "authorization" keyword and replace it with "Authorization" before building the header...

I dislike having to do either... but such is life... it could have been worse, for a while, I thought the webserver was requiring the Authorization keyword to be the first one.

Regards,

-joe

Regards,
Diego