Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-44663

Authorization header reading is case sensitive.

          [JENKINS-44663] Authorization header reading is case sensitive.

          Oleg Nenashev added a comment -

          Seems to be a reasonable change.

          Could you please provide some info about clients which send such headers?

          Oleg Nenashev added a comment - Seems to be a reasonable change. Could you please provide some info about clients which send such headers?

          Daurn Imator added a comment -

          From rfc7617:

          Note that both scheme and parameter names are matched case-insensitively.

           

          One such library is lua-http (which I maintain): we had a bug report that our library wouldn't work with Jenkins

          Daurn Imator added a comment - From rfc7617: Note that both scheme and parameter names are matched case-insensitively.   One such library is lua-http (which I maintain): we had a bug report that our library wouldn't work with Jenkins

          Daniel Beck added a comment -

          RFC 2617 also says

          It uses an extensible, case-insensitive token to identify the authentication scheme,…

          So it's not new.

          Daniel Beck added a comment - RFC 2617 also says It uses an extensible, case-insensitive token to identify the authentication scheme,… So it's not new.

          Oleg Nenashev added a comment -

          There was a pull request for it: https://github.com/jenkinsci/jenkins/pull/2913 . But the author has not finalized it. Anybody can take it from there though

          Oleg Nenashev added a comment - There was a pull request for it: https://github.com/jenkinsci/jenkins/pull/2913 . But the author has not finalized it. Anybody can take it from there though

            liketic Li Ke
            daurnimator Daurn Imator
            Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: