include 'Bearer' in prefix and document discussion with mnot

1 files changed, 13 insertions, 4 deletions

diff --git a/src/backend/taler-merchant-httpd.c b/src/backend/taler-merchant-httpd.c
index 85318ad9..f33d4346 100644
--- a/src/backend/taler-merchant-httpd.c
+++ b/src/backend/taler-merchant-httpd.c
@@ -67,6 +67,14 @@
 #include "taler-merchant-httpd_templating.h"
 
 /**
+ * Required prefix for the authorization header as per RFC 8959.
+ * (Follows RFC 6750 albeit technically violates RFC 7235, but
+ *  Mark Nottingham thinks this should be fixed by revising HTTP
+ *  spec (https://github.com/httpwg/http-core/issues/733))
+ */
+#define RFC_8959_PREFIX "Bearer secret-token:"
+
+/**
  * Backlog for listen operation on unix-domain sockets.
  */
 #define UNIX_BACKLOG 500
@@ -1523,15 +1531,16 @@ url_handler (void *cls,
     if (NULL != auth)
     {
       if (0 != strncasecmp (auth,
-                            "secret-token:",
-                            strlen ("secret-token:")))
+                            RFC_8959_PREFIX,
+                            strlen (RFC_8959_PREFIX)))
       {
         return TALER_MHD_reply_with_error (connection,
                                            MHD_HTTP_UNAUTHORIZED,
                                            TALER_EC_GENERIC_PARAMETER_MALFORMED,
-                                           "'secret-token:' prefix missing in 'Authorization' header");
+                                           "'" RFC_8959_PREFIX
+                                           "' prefix missing in 'Authorization' header");
       }
-      auth += strlen ("secret-token:");
+      auth += strlen (RFC_8959_PREFIX);
     }
     if (NULL == hc->instance)
     {