Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make authorization schemes case and whitespace insensitive #153

Merged
merged 2 commits into from
Nov 20, 2023
Merged

Make authorization schemes case and whitespace insensitive #153

merged 2 commits into from
Nov 20, 2023

Conversation

cole-h
Copy link
Contributor

@cole-h cole-h commented Nov 19, 2023
edited
Loading

Closes #141. (Based on this PR, but moved to using std::slice::eq_ignore_ascii_case() which doesn't allocate or copy.)
Partially addresses #112. (Does not validate that e.g. the token part of Bearer token contains valid token68 characters, however.)

sbihel and others added 2 commits November 18, 2023 11:54
@sbihel @cole-h
Make authorization schemes case and whitespace insensitive
d6c3993 
According to RFC7235[1]:

> It uses a case-
> insensitive token as a means to identify the authentication scheme,
> followed by additional information necessary for achieving
> authentication via that scheme.

[1]: https://datatracker.ietf.org/doc/html/rfc7235#section-2.1
@cole-h
Use eq_ignore_ascii_case() for Authorization schemes
5a1cc7a 
This is effectively the same as comparing the result of
`to_ascii_lowercase()`, with the benefit of avoiding "allocating and
copying temporaries" (according to the Rust `std` docs[1]).

[1]: https://doc.rust-lang.org/std/primitive.slice.html#method.eq_ignore_ascii_case
seanmonstar
seanmonstar approved these changes Nov 20, 2023
View reviewed changes
Copy link
Member

@seanmonstar seanmonstar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

@seanmonstar seanmonstar merged commit 7d784cd into hyperium:master Nov 20, 2023
4 checks passed
@cole-h cole-h deleted the authorization-scheme-case-insensitive branch November 20, 2023 14:17
@cole-h
Copy link
Contributor Author

cole-h commented Nov 21, 2023

I tried to [patch.crates-io] this crate to the latest HEAD of this repo (when this PR is merged), but because I'm using axum 0.6.20, Cargo was having trouble version solving for the different requirements (axum doesn't yet support http 1.0, while this crate was bumped to http 1.0 in #151).

I created a branch with the http 1.0 bump reverted (https://github.com/cole-h/headers/tree/revert-http-1, current HEAD is cole-h@b691d51) and am able to use that just fine! In case anybody wants to use this with axum as well (until they release an update supporting http 1.0), feel free to use that branch / commit (or create your own!).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@seanmonstar seanmonstar seanmonstar approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@cole-h @seanmonstar @sbihel