Hi Michael,
This seems like a very useful addition to libwww-perl. I have been
wanting a mode where $response->as_string would show responses exactly
as they where received without adding, or reordering of the headers
or even fix up the casing for the header field names. A patch like
yours should make this much easier.
Your patch does not address the preserving-of-case for header filed
names. Is that not required for your signing server?
It also seems your approach makes it hard to deal correctly with
repeated headers mixed in with others; for instance something like
this ugly response:
200 OK
Server: Fool/1.0
content-encoding :
gzip
Content-Type: text/plain; charset="UTF-8"
Content-Encoding: base64
Date: Fri Sep 5 10:24:37 CEST 2008
H4sICETrwEgAA3h4eADLSM3JyVcozy/KSVHkAgC0r9cBDQAAAA==
Your thoughts?
--Gisle
On Thu, Sep 4, 2008 at 9:35 PM, Michael Greb <[EMAIL PROTECTED]> wrote:
> Greetings,
>
> We are currently using HTTP::Daemon to prototype a project and have a need
> to access headers in the order they were sent over the network. Our
> particular use case is cryptographically signing a subset of the headers and
> sending this signature as an additional header.
>
> A specified set of headers are to be included in the signature if present in
> the request. We join the content of these headers (with "\n") then
> calculate the expected signature and compare it to the value submitted by
> the client. In order to get the same signature, we must join the header
> content in the same order as the client. If we only needed to support perl
> clients using LWP::UserAgent, this wouldn't be an issue as HTTP::Daemon and
> LWP::UserAgent both use HTTP::Headers and the order the headers will be
> presented to the consuming script is predictable. Unfortunately, we must
> support multiple languages.
>
> The HTTP client is allowed to join the headers in preparation for signing in
> any order it wishes so long as it then sends the headers in the same order
> over the network. The attached patch stores the order headers are added to
> the HTTP::Headers object in an arrayref ($self->{_wire_order}). The
> header_field_names and scan methods are extended to take an optional value
> that if present and true cause the headers to be returned/visited based on
> the order of elements in $self->{_wire_order} rather than the existing 'best
> practices' order. The next logical step would be similar extension to the
> as_string method.
>
> This code has been tested and, thanks to great tests, I was able to catch
> missing the clear method in my first go at the functionality. All tests
> currently pass except for a few[1] that seem to be related to the new
> run_handler method[2]. I'm a bit unsure that the push within the _header
> method does the right thing in all cases (particularly adding an additional
> value to an existing header and replacing an existing header with a new
> value).
>
> This patch does include an update to the relevant docs but does not include
> new tests. Should the functionality be deemed useful for inclusion in
> libwww-perl I can go ahead and extend the as_string method and add some new
> tests to match the new functionality.
