[99s-extend] HTTP Basic Auth base64 decode fails
Loïc Hoguin
essen at ninenines.eu
Tue Jul 8 15:21:28 CEST 2014
Parsing of any header may crash. Some may also return an error tuple,
though that behavior slowly changes and it will always crash in 2.0. So
just wrap the call around a try/catch if you need to handle the error.
Note that at this exact moment I'm working on returning 400 instead of
500 automatically when parsing headers end up crashing (and possibly
other situations later on).
On 07/08/2014 03:17 PM, Paulo F. Oliveira wrote:
> Hello, y'all.
>
> I'm using HTTP Basic Auth in my API. While calling
> cowboy_req:parse_header(<<"authorization>>", ... with an _invalid_
> Authorization header such as "Authorization: Basic Test1" I get an error
> 500 back and an error log message on the server.
>
> 1. Is this the expected behavior? [if I understand correctly, my request
> is going through authorization(UserPass, Type = <<"basic">>) and this
> has no check for the string being correctly encoded]
>
> 2. what would be the best way to guard against this "error"?
>
> Thanks.
>
> - Paulo F. Oliveira
>
>
> _______________________________________________
> Extend mailing list
> Extend at lists.ninenines.eu
> https://lists.ninenines.eu/listinfo/extend
>
--
Loïc Hoguin
http://ninenines.eu
More information about the Extend
mailing list