blob: febfd6aff3e588ec6c6d62fc68dc58efcd94842c (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<TITLE> [99s-extend] HTTP Basic Auth base64 decode fails
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:extend%40lists.ninenines.eu?Subject=Re%3A%20%5B99s-extend%5D%20HTTP%20Basic%20Auth%20base64%20decode%20fails&In-Reply-To=%3C53BBF058.3090103%40ninenines.eu%3E">
<META NAME="robots" CONTENT="index,nofollow">
<style type="text/css">
pre {
white-space: pre-wrap; /* css-2.1, curent FF, Opera, Safari */
}
</style>
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="000412.html">
<LINK REL="Next" HREF="000414.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[99s-extend] HTTP Basic Auth base64 decode fails</H1>
<B>Loïc Hoguin</B>
<A HREF="mailto:extend%40lists.ninenines.eu?Subject=Re%3A%20%5B99s-extend%5D%20HTTP%20Basic%20Auth%20base64%20decode%20fails&In-Reply-To=%3C53BBF058.3090103%40ninenines.eu%3E"
TITLE="[99s-extend] HTTP Basic Auth base64 decode fails">essen at ninenines.eu
</A><BR>
<I>Tue Jul 8 15:21:28 CEST 2014</I>
<P><UL>
<LI>Previous message: <A HREF="000412.html">[99s-extend] HTTP Basic Auth base64 decode fails
</A></li>
<LI>Next message: <A HREF="000414.html">[99s-extend] HTTP Basic Auth base64 decode fails
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#413">[ date ]</a>
<a href="thread.html#413">[ thread ]</a>
<a href="subject.html#413">[ subject ]</a>
<a href="author.html#413">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>Parsing of any header may crash. Some may also return an error tuple,
though that behavior slowly changes and it will always crash in 2.0. So
just wrap the call around a try/catch if you need to handle the error.
Note that at this exact moment I'm working on returning 400 instead of
500 automatically when parsing headers end up crashing (and possibly
other situations later on).
On 07/08/2014 03:17 PM, Paulo F. Oliveira wrote:
><i> Hello, y'all.
</I>><i>
</I>><i> I'm using HTTP Basic Auth in my API. While calling
</I>><i> cowboy_req:parse_header(<<"authorization>>", ... with an _invalid_
</I>><i> Authorization header such as "Authorization: Basic Test1" I get an error
</I>><i> 500 back and an error log message on the server.
</I>><i>
</I>><i> 1. Is this the expected behavior? [if I understand correctly, my request
</I>><i> is going through authorization(UserPass, Type = <<"basic">>) and this
</I>><i> has no check for the string being correctly encoded]
</I>><i>
</I>><i> 2. what would be the best way to guard against this "error"?
</I>><i>
</I>><i> Thanks.
</I>><i>
</I>><i> - Paulo F. Oliveira
</I>><i>
</I>><i>
</I>><i> _______________________________________________
</I>><i> Extend mailing list
</I>><i> <A HREF="https://lists.ninenines.eu/listinfo/extend">Extend at lists.ninenines.eu</A>
</I>><i> <A HREF="https://lists.ninenines.eu/listinfo/extend">https://lists.ninenines.eu/listinfo/extend</A>
</I>><i>
</I>
--
Loïc Hoguin
<A HREF="http://ninenines.eu">http://ninenines.eu</A>
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="000412.html">[99s-extend] HTTP Basic Auth base64 decode fails
</A></li>
<LI>Next message: <A HREF="000414.html">[99s-extend] HTTP Basic Auth base64 decode fails
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#413">[ date ]</a>
<a href="thread.html#413">[ thread ]</a>
<a href="subject.html#413">[ subject ]</a>
<a href="author.html#413">[ author ]</a>
</LI>
</UL>
<hr>
<a href="https://lists.ninenines.eu/listinfo/extend">More information about the Extend
mailing list</a><br>
</body></html>
|
