Closed sstrollo closed 2 years ago
This was written before RFC7617 so I guess that explains the discrepancy. I don't think we need to return the other params, at least not according to the RFC. Even the charset doesn't seem super useful to have.
This was written before RFC7617 so I guess that explains the discrepancy.
👍
I don't think we need to return the other params, at least not according to the RFC. Even the charset doesn't seem super useful to have.
I agree.
Now without the redundant www_auth_scheme/2
clause.
Merged, thanks!
I received the following
WWW-Authenticate
header (while using gun towards AWS's ECR):which made
cow_http_hd:parse_www_authenticate/1
crash on a function clause. First I thought the header was wrong, but if I understand https://www.rfc-editor.org/rfc/rfc7617.html#section-2 right, it is permitted to include other authentication parameters in the response (although onlycharset
has a defined meaning).I made the attached fix, which basically throws away all authentication parameters other than "realm" for the
Basic
scheme. Perhaps one would like to return the other params, but I don't see a backwards compatible way of doing so (maybe returning{basic,Realm}
when there are no other parameters and{basic, Realm, Params}
when there are would be more "future proof" - but also more work for the client...)