I wonder if base64-encode should rather be patched with a #:last-newline? (Default #t) argument.
Tim On 7 May 2015 17:37:18 BST, Tim Brown <tim.br...@cityc.co.uk> wrote: >Folks, > >I've just tried to use web-server/http-digest-auth, and >it seems that make-digest-auth-header generates an invalid header >(or at least one that upsets Firefox). > >The definition of make-digest-auth-header(*) uses base64-encode >to generate the nonce. base64-encode is documented as: > >> the result always ends with a newline-bstr unless the input is >> empty. > >So the result is generated as: > >(header > #"WWW-Authenticate" > #"Digest realm=\"Vyke!\", qop=\"auth\", >nonce=\"MTQzMTAxNDc3NiBlNjFmMDY2NzgyYjcyNmFjMmIzY2RkNWQxOTU3NzIzNQ==\r\n\" > >opaque=\"opaque\"") > >Notice the CRLF in nonce... which causes the header to be truncated >(and >therefore invalidated) by my browser. I don't know if it's actually >upsetting my call to response; but in any case it's a problem. > >I'm also not sure if there should also be a comma between the nonce and >opaque. > >I've put together a patch for your perusal. >"tim-brown-patch-1" raised for racket/web-server. > >Regards, > >Tim > >(*) in pkgs/web-server-lib/web-server/http/digest-auth.rkt l.11 -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -- You received this message because you are subscribed to the Google Groups "Racket Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to racket-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
