Basic authorization and colon in user, password
Daniel Brunner
daniel at dbrunner.de
Tue Apr 30 07:47:52 UTC 2013
Hi to all,
as I understood RFC2617 for basic authorization it is assumed that
username and password are seperated with a colon ":".
When a user enters an additional colon in username and/or password
Hunchentoot (1.2.7) fails with an error:
[2013-04-30 09:34:34 [ERROR]] Extra arguments in ("foo" "bar"
"blafasel") don't match lambda list (&OPTIONAL HUNCHENTOOT::USER
HUNCHENTOOT::PASSWORD).
The code in question is in the function AUTHORIZATION in request.lisp:
--
(destructuring-bind (&optional user password)
(split ":" (base64:base64-string-to-string (subseq
authorization start)))
--
I would prefer if Hunchentoot could handle this case silently without
signalling an error. What do you think?
Kind regards,
Daniel
More information about the Tbnl-devel
mailing list