thephpleague / oauth2-server

A spec compliant, secure by default PHP OAuth 2.0 Server
https://oauth2.thephpleague.com
MIT License

Authentication scheme should be matched case-insensitively #1399

Closed htvennik closed 2 months ago

htvennik commented 3 months ago

Current Behavior

The HTTP Basic authentication scheme is only recognized when it is written with exactly the first letter capitalized. This causes client credentials sent using HTTP Basic auth to be ignored if the authentication scheme is not written exactly as Basic.

Expected Behavior

The HTTP authentication scheme identifier is matched case-insensitively, as specified by RFC 2617 section 1.2: “It uses an extensible, case-insensitive token to identify the authentication scheme.”
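To make the expected behaviour concrete, here is an added example of parsing client credentials from an Authorization header so that the scheme token is matched case-insensitively while the credentials themselves are decoded exactly as sent. This is illustrative code written for this issue, not code from league/oauth2-server; the function name, the `Bearer` sample and the constructed `my-client:s3cret` credentials are assumptions. A case-sensitive prefix check such as `strpos($header, 'Basic ') === 0` is the kind of test that rejects `basic ...`; the regular expression below uses the `i` modifier instead.

```php
<?php
declare(strict_types=1);

// Added example for this issue, not code from league/oauth2-server.
// Shows the behaviour RFC 2617 s.1.2 requires: the authentication scheme
// token ("Basic") is compared case-insensitively, the credential payload is not.

/**
 * Parse HTTP Basic client credentials from an Authorization header value.
 *
 * Returns ['client_id' => ..., 'client_secret' => ...] on success, or null
 * when the header is missing, uses another scheme, or is malformed.
 */
function parseBasicCredentials(?string $header): ?array
{
    if ($header === null) {
        return null;
    }

    // Scheme token, then whitespace, then the base64 payload.
    // The /i modifier makes "Basic", "basic" and "BASIC" all match.
    if (preg_match('/^\s*basic\s+([A-Za-z0-9+\/=]+)\s*$/i', $header, $m) !== 1) {
        return null;
    }

    // Strict mode rejects any character outside the base64 alphabet
    // instead of silently skipping it.
    $decoded = base64_decode($m[1], true);
    if ($decoded === false) {
        return null;
    }

    // RFC 7617: user-id and password are separated by the FIRST colon; the
    // password may contain colons, so split into at most two parts.
    $parts = explode(':', $decoded, 2);
    if (count($parts) !== 2 || $parts[0] === '') {
        return null;
    }

    // No case folding here: client_id and client_secret are opaque values.
    return ['client_id' => $parts[0], 'client_secret' => $parts[1]];
}

// Constructed sample: the same credentials sent with different scheme casings,
// plus a header using a different scheme, which must not be treated as Basic.
$payload = base64_encode('my-client:s3cret');
foreach (['Basic', 'basic', 'BASIC', 'bAsIc', 'Bearer'] as $scheme) {
    $result = parseBasicCredentials($scheme . ' ' . $payload);
    printf(
        "%-6s => %s\n",
        $scheme,
        $result === null ? 'not recognised as Basic' : 'client_id=' . $result['client_id']
    );
}
```

Run with `php example.php`: the four spellings of `Basic` all yield `client_id=my-client`, while the `Bearer` header is rejected. Only the scheme token is normalized; the client identifier and secret are passed through byte-for-byte so that credential comparison is unaffected by the fix.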

Sephster commented 2 months ago

Thanks for reporting this. I've written a test and fixed this now. Thanks for bringing it to my attention.