Uploaded image for project: 'HPCC'
  1. HPCC
  2. HPCC-15706

HTTP headers need to be parsed in a case-insensitive manner

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 6.0.2
    • Component/s: ESP
    • Labels:
      None

      Description

      According to RFC 2616, Section 4.2 "Message Headers" (https://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2), HTTP message headers are case-insensitive.

      However, getHeader() function at line #1006 in esp/bindings/http/platform/httptransport.cpp is parsing the header using a case-sensitive comparison (strncmp).

      This works for clients that send headers in a format expected by ESP, but breaks down when a client sends headers in a different case than expected.

      Example:
      When debugging ESP web services using chrome advanced REST client, it sends authorization token in all lower caps "authorization" header.

      ESP fails to recognize this header (because it expects "Authorization" with capital A), and users cannot proceed further, stuck in an authorization loop.

        Attachments

          Activity

            People

            • Assignee:
              sukhong Suk Hwan Hong
              Reporter:
              sukhong Suk Hwan Hong
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: