canonical_string method of the Headers class works improperly with https

mgomes / api_auth

HMAC authentication for Rails and HTTP Clients

MIT License

480 stars 147 forks source link

canonical_string method of the Headers class works improperly with https #23

Closed amogil closed 10 years ago

amogil commented 11 years ago

# Returns the canonical string computed from the request's headers
def canonical_string
   [ @request.content_type,
     @request.content_md5,
     @request.request_uri.gsub(/http:\/\/[^(,|\?|\/)]*/,''), # remove host
     @request.timestamp
    ].join(",")
end

'http://www.cnn.com/ping'.gsub(/http:\/\/[^(,|\?|\/)]*/,'') -> '/ping'
'https://www.cnn.com/ping'.gsub(/http:\/\/[^(,|\?|\/)]*/,'') -> 'https://www.cnn.com/ping'

So access via https doesn't work

clekstro commented 11 years ago

A colleague and I have remedied this in a private branch and will be submitting a PR hopefully within the next week.

mgomes commented 10 years ago

This has been added to 1.1.0.