merchant

Merchant backend to process payments, run by merchants

commit 0232c377c39611f4c476ec9464356f0ae40497d9
parent 25c0b949ab5a77cc6aafc442cecbcaca0c49b3f1
Author: Christian Grothoff <christian@grothoff.org>
Date:   Tue,  2 Feb 2021 12:05:06 +0100

include 'Bearer' in prefix and document discussion with mnot

Diffstat:
Msrc/backend/taler-merchant-httpd.c | 17+++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/src/backend/taler-merchant-httpd.c b/src/backend/taler-merchant-httpd.c
@@ -67,6 +67,14 @@
 #include "taler-merchant-httpd_templating.h"

 /**
+ * Required prefix for the authorization header as per RFC 8959.
+ * (Follows RFC 6750 albeit technically violates RFC 7235, but
+ * Mark Nottingham thinks this should be fixed by revising HTTP
+ * spec (https://github.com/httpwg/http-core/issues/733))
+ */
+#define RFC_8959_PREFIX "Bearer secret-token:"
+
+/**
 * Backlog for listen operation on unix-domain sockets.
 */
 #define UNIX_BACKLOG 500
@@ -1523,15 +1531,16 @@ url_handler (void *cls,
 if (NULL != auth)
 {
 if (0 != strncasecmp (auth,
- "secret-token:",
- strlen ("secret-token:")))
+ RFC_8959_PREFIX,
+ strlen (RFC_8959_PREFIX)))
 {
 return TALER_MHD_reply_with_error (connection,
 MHD_HTTP_UNAUTHORIZED,
 TALER_EC_GENERIC_PARAMETER_MALFORMED,
- "'secret-token:' prefix missing in 'Authorization' header");
+ "'" RFC_8959_PREFIX
+ "' prefix missing in 'Authorization' header");
 }
- auth += strlen ("secret-token:");
+ auth += strlen (RFC_8959_PREFIX);
 }
 if (NULL == hc->instance)
 {
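Review bot: The comment on `RFC_8959_PREFIX` does not say that the literal fuses three things: the `Bearer` auth scheme, exactly one space, and the `secret-token:` URI scheme. The only use site visible here, in `url_handler`, matches the whole literal with `strncasecmp`. RFC 7235 allows one or more spaces after the scheme (`1*SP`), so a header with two spaces after `Bearer` is answered with the "prefix missing" 401. If that strictness is intended, state it in the comment, e.g. ` * Matched case-insensitively; exactly one space after "Bearer" is accepted.`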
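Review bot: After `auth += strlen (RFC_8959_PREFIX);` the pointer can be left on the terminating NUL, because a header consisting of the prefix alone passes the `strncasecmp` check and yields an empty token. The rest of `url_handler` is outside this hunk, so whether the later token check treats an empty string as a failed credential cannot be confirmed from here. A guard such as `if ('\0' == *auth)` right after the advance, answering with the same `MHD_HTTP_UNAUTHORIZED` reply as the branch above, would make the rejection explicit rather than dependent on downstream code. The new message is built only from the constant prefix and never echoes the client's header, which is worth keeping.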