You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Note that both scheme and parameter names are matched case-
insensitively.
APISIX thus does not appear to follow the http spec (unless I'm missing something).
Some products such as Elasticsearch have addressed this issue
Thank you.
Expected Behavior
APISIX should listen to (and unit-test for)
authorization: basic [etc.]
Authorization: basic [etc.]
authorization: Basic [etc.]
Even:
AuThOrIZaTIOn: bAsIC
is a valid authorization header string start
Error Logs
No response
Steps to Reproduce
I'm unsure on what to write here. The code is in the default branch. I wrote a custom WASM plugin in Rust using the WASM SDK and it only pics up Basic literal request headers as valid authorization header, not basic.
Environment
This doesn't appear to be a version-specific thing.
The text was updated successfully, but these errors were encountered:
Current Behavior
Lines like https://github.com/apache/apisix/blob/master/apisix/plugins/basic-auth.lua#L81 prescribe case-sensitive header keys and values but according to https://datatracker.ietf.org/doc/html/rfc7617#page-3 (scroll down a bit):
APISIX thus does not appear to follow the http spec (unless I'm missing something).
Some products such as Elasticsearch have addressed this issue
Thank you.
Expected Behavior
APISIX should listen to (and unit-test for)
authorization: basic
[etc.]Authorization: basic
[etc.]authorization: Basic
[etc.]Even:
AuThOrIZaTIOn: bAsIC
is a valid authorization header string start
Error Logs
No response
Steps to Reproduce
I'm unsure on what to write here. The code is in the default branch. I wrote a custom WASM plugin in Rust using the WASM SDK and it only pics up
Basic
literal request headers as valid authorization header, notbasic
.Environment
This doesn't appear to be a version-specific thing.
The text was updated successfully, but these errors were encountered: