From 0232c377c39611f4c476ec9464356f0ae40497d9 Mon Sep 17 00:00:00 2001
From: Christian Grothoff
Date: Tue, 2 Feb 2021 12:05:06 +0100
Subject: include 'Bearer' in prefix and document discussion with mnot
---
 src/backend/taler-merchant-httpd.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)
(limited to 'src')
diff --git a/src/backend/taler-merchant-httpd.c b/src/backend/taler-merchant-httpd.c
index 85318ad9..f33d4346 100644
--- a/src/backend/taler-merchant-httpd.c
+++ b/src/backend/taler-merchant-httpd.c
@@ -66,6 +66,14 @@
 #include "taler-merchant-httpd_statics.h"
 #include "taler-merchant-httpd_templating.h"
+/**
+ * Required prefix for the authorization header as per RFC 8959.
+ * (Follows RFC 6750 albeit technically violates RFC 7235, but
+ * Mark Nottingham thinks this should be fixed by revising HTTP
+ * spec (https://github.com/httpwg/http-core/issues/733))
+ */
+#define RFC_8959_PREFIX "Bearer secret-token:"
+ /** + * Backlog for listen operation on unix-domain sockets. + */
@@ -1523,15 +1531,16 @@ url_handler (void *cls,
 if (NULL != auth)
 {
 if (0 != strncasecmp (auth,
- "secret-token:",
- strlen ("secret-token:")))
+ RFC_8959_PREFIX,
+ strlen (RFC_8959_PREFIX)))
 {
 return TALER_MHD_reply_with_error (connection,
 MHD_HTTP_UNAUTHORIZED,
 TALER_EC_GENERIC_PARAMETER_MALFORMED,
- "'secret-token:' prefix missing in 'Authorization' header");
+ "'" RFC_8959_PREFIX
+ "' prefix missing in 'Authorization' header");
 }
- auth += strlen ("secret-token:");
+ auth += strlen (RFC_8959_PREFIX);
 }
 if (NULL == hc->instance)
 {
-- cgit v1.2.3
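Review bot: The new comment above `RFC_8959_PREFIX` says the prefix "technically violates RFC 7235" but not why, which is the detail a later maintainer needs before touching this macro or the check that uses it; the reason, as far as I can tell, is that the colon in `secret-token:` is not a character the RFC 7235 `token68` production permits after the scheme. I would extend the comment with a sentence such as `The ':' in "secret-token:" is not a valid token68 character, so a strict RFC 7235 parser may reject this header value; see the issue link below.` and keep the existing issue reference. The macro itself is fine as a single string literal, since in the hunks shown it is only used together with strlen() for prefix matching.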
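Review bot: The new prefix check in url_handler accepts exactly one space between the scheme and the token, because `RFC_8959_PREFIX` is the literal `"Bearer secret-token:"`; RFC 7235 (and RFC 6750 §2.1) define the credentials as the scheme followed by `1*SP`, so a client sending `Bearer  secret-token:...` with two spaces gets a 401 with TALER_EC_GENERIC_PARAMETER_MALFORMED even though its header is well-formed. If that interoperability matters, match the scheme and the `secret-token:` part separately and skip the run of spaces in between, as sketched below (the macro would then be split into its two pieces). Separately, a 401 response presumably ought to carry a `WWW-Authenticate: Bearer` header as RFC 7235 §4.1 requires; I cannot tell from this hunk whether TALER_MHD_reply_with_error adds one. The enclosing function url_handler starts before and continues after this hunk.
```c
    if (0 != strncasecmp (auth,
                          "Bearer",
                          strlen ("Bearer")))
    {
      /* … unchanged: 401 reply with TALER_EC_GENERIC_PARAMETER_MALFORMED … */
    }
    auth += strlen ("Bearer");
    if (' ' != *auth)
    {
      /* … same 401 reply as above … */
    }
    while (' ' == *auth)
      auth++;
    /* RFC 7235 token68 cannot contain ':', hence the dedicated check */
    if (0 != strncasecmp (auth,
                          "secret-token:",
                          strlen ("secret-token:")))
    {
      /* … same 401 reply as above … */
    }
    auth += strlen ("secret-token:");
```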