Closed baliame closed 8 years ago
Vetted and approved by both of us. While comparing the implementations, this seemed to be a part of the auth spec that was unclear and was interpreted differently by both of us.
I think I disagree. There should be a blank line.
My original reasoning was that it wasn't clearly specified, but the examples themselves did not contain the empty line.
From a coding standpoint, I disagree with having a single empty line, because it is inconsistent. For 0 extra headers, you have 1 line, for 1 extra header, you also have 1 line. I believe creating special case for 0 extra headers is a hoop that unnecessarily complicates the implementation of the spec - with no empty line it is as straightforward as a for loop.
Looking at the ruby version, https://github.com/acquia/http-hmac-ruby/blob/2.0/lib/acquia-http-hmac.rb
In that case I think there will be no blank line, so this change was right after all.
Sorry for being confused here - thanks for the clarification.
Clarified the fact that no empty line should be present if no added-signed-headers are being signed.