search

hapijs / boom

HTTP-friendly error objects
Other
2.94k stars 192 forks source link

boom.unathorized adds extra space to string value scheme in WWW-Authenticate header #260

Closed seanstern closed 4 years ago

seanstern commented 4 years ago

Support plan

Context

What are you trying to achieve or the steps to reproduce?

I want to produce an unauthorized error where the WWW-Authenticate header's value is scheme that is specified at runtime. In the example below the string value 'Bearer'. Note that this string value has no spaces before or after it.

const boom = require('@hapi/boom');
const authErr = boom.unauthorized(null, 'Bearer');
console.log(authErr);

What was the result you got?

The error object's WWW-Authenticate property's value has an extra space at the end ('Bearer ').

{ Error: Unauthorized
    at repl:1:9
    // Stack trace redacted for brevity
  data: null,
  isBoom: true,
  isServer: false,
  output:
   { statusCode: 401,
     payload:
      { statusCode: 401,
        error: 'Unauthorized',
        message: 'Unauthorized' },
     headers: { 'WWW-Authenticate': 'Bearer ' } },  // Note the space at the end
  message: 'Unauthorized' }

What result did you expect?

The error object's WWW-Authenticate property's value should not have an extra space at the end ('Bearer').

{ Error: Unauthorized
    at repl:1:9
    // Stack trace redacted for brevity
  data: null,
  isBoom: true,
  isServer: false,
  output:
   { statusCode: 401,
     payload:
      { statusCode: 401,
        error: 'Unauthorized',
        message: 'Unauthorized' },
     headers: { 'WWW-Authenticate': 'Bearer' } },  // Note there is NO space at the end
  message: 'Unauthorized' }