[99s-extend] HTTP Basic Auth base64 decode fails

Paulo F. Oliveira paulo.ferraz.oliveira at gmail.com
Tue Jul 8 15:25:58 CEST 2014


Great, thanks.

I saw some changes "from 422 to 400" in recent versions (PUT and POST).
Thanks for the heads up. As long as they're documented, no harm shall come of
these changes.

In any case, if I see it happen very often live I'll "protect" it against
the _bad_ header :-).

Cheers.

- Paulo F. Oliveira


On 8 July 2014 14:21, Loïc Hoguin <essen at ninenines.eu> wrote:

> Parsing of any header may crash. Some may also return an error tuple,
> though that behavior slowly changes and it will always crash in 2.0. So
> just wrap the call around a try/catch if you need to handle the error.
>
> Note that at this exact moment I'm working on returning 400 instead of 500
> automatically when parsing headers ends up crashing (and possibly other
> situations later on).
>
>
> On 07/08/2014 03:17 PM, Paulo F. Oliveira wrote:
>
>> Hello, y'all.
>>
>> I'm using HTTP Basic Auth in my API. While calling
>> cowboy_req:parse_header(<<"authorization">>, ... with an _invalid_
>> Authorization header such as "Authorization: Basic Test1" I get an error
>> 500 back and an error log message on the server.
>>
>> 1. Is this the expected behavior? [if I understand correctly, my request
>> is going through authorization(UserPass, Type = <<"basic">>) and this
>> has no check for the string being correctly encoded]
>>
>> 2. What would be the best way to guard against this "error"?
>>
>> Thanks.
>>
>> - Paulo F. Oliveira
>>
>>
> --
> Loïc Hoguin
> http://ninenines.eu
>
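
The try/catch guard suggested in the reply above, as an added example that is not part of the original thread and is not Cowboy's own code: a stand-alone Erlang module that parses a raw Authorization header value using only OTP's `base64`, `binary` and `string` modules, so a malformed payload such as `Basic Test1` yields an error tuple the handler can turn into a 400 instead of a crash. The module name `basic_auth_guard`, the function `parse_basic/1` and the error atoms are hypothetical, and `string:lowercase/1` assumes OTP 20 or later.

```erlang
-module(basic_auth_guard).
-export([parse_basic/1, demo/0]).

%% Parse the raw value of an Authorization header.
%% Returns {ok, {User, Pass}} or {error, Reason}; the caller maps any
%% {error, _} to a client-error response rather than letting it crash.
-spec parse_basic(binary()) -> {ok, {binary(), binary()}} | {error, atom()}.
parse_basic(Header) when is_binary(Header) ->
    %% binary:split/2 splits at the first space only: [Scheme, Rest].
    case binary:split(Header, <<" ">>) of
        [Scheme, Encoded] ->
            case string:lowercase(Scheme) of
                <<"basic">> -> decode_credentials(Encoded);
                _ -> {error, unsupported_scheme}
            end;
        _ ->
            {error, malformed_header}
    end.

decode_credentials(Encoded) ->
    %% base64:decode/1 raises on invalid input such as <<"Test1">>,
    %% so only that call is placed under try/catch.
    try base64:decode(Encoded) of
        Decoded ->
            %% Split at the first colon only, so passwords may contain ":".
            case binary:split(Decoded, <<":">>) of
                [User, Pass] -> {ok, {User, Pass}};
                _ -> {error, missing_colon}
            end
    catch
        _:_ -> {error, bad_base64}
    end.

%% Constructed sample inputs; each match fails loudly if the result differs.
demo() ->
    Good = <<"Basic ", (base64:encode(<<"alice:s3cr3t">>))/binary>>,
    {ok, {<<"alice">>, <<"s3cr3t">>}} = parse_basic(Good),
    {error, bad_base64} = parse_basic(<<"Basic Test1">>),
    {error, unsupported_scheme} = parse_basic(<<"Bearer abc">>),
    {error, malformed_header} = parse_basic(<<"Basic">>),
    ok.
```

Compile with `erlc basic_auth_guard.erl` and call `basic_auth_guard:demo().` in the shell; it returns `ok` when every case behaves as commented.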