Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Make authorization schemes case and whitespace insensitive #153

Merged

Conversation

cole-h
Copy link
Contributor

@cole-h cole-h commented Nov 19, 2023

Closes #141. (Based on this PR, but moved to using std::slice::eq_ignore_ascii_case() which doesn't allocate or copy.)
Partially addresses #112. (Does not validate that e.g. the token part of Bearer token contains valid token68 characters, however.)

sbihel and others added 2 commits November 18, 2023 11:54
According to RFC7235[1]:

> It uses a case-
> insensitive token as a means to identify the authentication scheme,
> followed by additional information necessary for achieving
> authentication via that scheme.

[1]: https://datatracker.ietf.org/doc/html/rfc7235#section-2.1
This is effectively the same as comparing the result of
`to_ascii_lowercase()`, with the benefit of avoiding "allocating and
copying temporaries" (according to the Rust `std` docs[1]).

[1]: https://doc.rust-lang.org/std/primitive.slice.html#method.eq_ignore_ascii_case
Copy link
Member

@seanmonstar seanmonstar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@seanmonstar seanmonstar merged commit 7d784cd into hyperium:master Nov 20, 2023
4 checks passed
@cole-h cole-h deleted the authorization-scheme-case-insensitive branch November 20, 2023 14:17
@cole-h
Copy link
Contributor Author

cole-h commented Nov 21, 2023

I tried to [patch.crates-io] this crate to the latest HEAD of this repo (when this PR is merged), but because I'm using axum 0.6.20, Cargo was having trouble version solving for the different requirements (axum doesn't yet support http 1.0, while this crate was bumped to http 1.0 in #151).

I created a branch with the http 1.0 bump reverted (https://github.com/cole-h/headers/tree/revert-http-1, current HEAD is cole-h@b691d51) and am able to use that just fine! In case anybody wants to use this with axum as well (until they release an update supporting http 1.0), feel free to use that branch / commit (or create your own!).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants