Diffstat (limited to 'src')
-rw-r--r-- | src/backend/taler-merchant-httpd.c | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/src/backend/taler-merchant-httpd.c b/src/backend/taler-merchant-httpd.c
index 85318ad9..f33d4346 100644
--- a/src/backend/taler-merchant-httpd.c
+++ b/src/backend/taler-merchant-httpd.c
@@ -67,6 +67,14 @@
 #include "taler-merchant-httpd_templating.h"
 /**
+ * Required prefix for the authorization header as per RFC 8959.
+ * (Follows RFC 6750 albeit technically violates RFC 7235, but
+ * Mark Nottingham thinks this should be fixed by revising HTTP
+ * spec (https://github.com/httpwg/http-core/issues/733))
+ */
+#define RFC_8959_PREFIX "Bearer secret-token:"
+
+/**
  * Backlog for listen operation on unix-domain sockets.
  */
 #define UNIX_BACKLOG 500
@@ -1523,15 +1531,16 @@ url_handler (void *cls,
   if (NULL != auth)
   {
     if (0 != strncasecmp (auth,
-                          "secret-token:",
-                          strlen ("secret-token:")))
+                          RFC_8959_PREFIX,
+                          strlen (RFC_8959_PREFIX)))
     {
       return TALER_MHD_reply_with_error (connection,
                                          MHD_HTTP_UNAUTHORIZED,
                                          TALER_EC_GENERIC_PARAMETER_MALFORMED,
-                                         "'secret-token:' prefix missing in 'Authorization' header");
+                                         "'" RFC_8959_PREFIX
+                                         "' prefix missing in 'Authorization' header");
     }
-    auth += strlen ("secret-token:");
+    auth += strlen (RFC_8959_PREFIX);
   }
   if (NULL == hc->instance)
   { |
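Review bot: The new check `strncasecmp (auth, RFC_8959_PREFIX, strlen (RFC_8959_PREFIX))` hard-codes exactly one space between the `Bearer` scheme and the credentials, whereas RFC 7235 §2.1 permits `1*SP` there, so a client emitting `Bearer  secret-token:...` (two spaces) is rejected with 401; the old code never accepted `Bearer` at all, so this is not a regression, but the strictness should be a deliberate choice and documented next to the `#define`, e.g. `/* NOTE: exactly one SP between scheme and token is accepted, stricter than RFC 7235 1*SP */`. If the lenient form is wanted, match `Bearer` case-insensitively, skip the run of spaces, and only then compare `secret-token:`. After `auth += strlen (RFC_8959_PREFIX);` the remainder may be the empty string; whatever later compares it against the instance's configured token is outside this hunk, and should reject an empty token and use a constant-time comparison, which cannot be confirmed from here. Using `TALER_EC_GENERIC_PARAMETER_MALFORMED` for a 401 response is pre-existing behaviour and not changed by this hunk. `url_handler` begins and ends outside the hunk.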