Skip Menu |

Preferred bug tracker

Please visit the preferred bug tracker to report your issue.

This queue is for tickets about the Web-Machine CPAN distribution.

Report information
The Basics
Id: 84232
Status: resolved
Priority: 0/
Queue: Web-Machine
People
Owner: Nobody in particular
Requestors: OSCHWALD [...] cpan.org
Cc:
AdminCc:
Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)

History Show all quoted text
  Tue Mar 26 19:02:08 2013 OSCHWALD [...] cpan.org - Ticket created
Subject: Authorization: Basic header with no credentials causes an internal server error
This causes an issue when the headers are inflated by HTTP::ActionPack Error: Must provide credentials at /opt/perl5.16.3/lib/site_perl/5.16.3/HTTP/Headers/Ac tionPack/Authorization/Basic.pm line 21. HTTP::Headers::ActionPack::Authorization::Basic::BUILDARGS('HTTP::Header s::ActionPack::Authorization::Basic', 'Basic', undef) called at /opt/perl5.16.3/ lib/site_perl/5.16.3/HTTP/Headers/ActionPack/Core/Base.pm line 17 [...] HTTP::Headers::ActionPack::inflate('HTTP::Headers::ActionPack=HASH(0x4c5 5b90)', 'Plack::Request=HASH(0xcf53c28)') called at /opt/perl5.16.3/lib/site_per l/5.16.3/Web/Machine/Util.pm line 38 Web::Machine::Util::inflate_headers('Plack::Request=HASH(0xcf53c28)') ca lled at /opt/perl5.16.3/lib/site_perl/5.16.3/Web/Machine.pm line 37 [...]
  Tue Mar 26 19:12:04 2013 stevan.little [...] gmail.com - Correspondence added
Subject: Re: [rt.cpan.org #84232] Authorization: Basic header with no credentials causes an internal server error
Date: Tue, 26 Mar 2013 19:11:50 -0400
To: bug-Web-Machine [...] rt.cpan.org
From: Stevan Little <stevan.little [...] iinteractive.com>
Gregory, Could you please provide an example header and/or a runnable test that illustrates the issue? Thanks, - Stevan On Mar 26, 2013, at 7:02 PM, "Gregory J. Oschwald via RT" <bug-Web-Machine@rt.cpan.org> wrote: Show quoted text
> Tue Mar 26 19:02:08 2013: Request 84232 was acted upon. > Transaction: Ticket created by OSCHWALD > Queue: Web-Machine > Subject: Authorization: Basic header with no credentials causes an > internal server error > Broken in: (no value) > Severity: (no value) > Owner: Nobody > Requestors: OSCHWALD@cpan.org > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=84232 > > > > This causes an issue when the headers are inflated by HTTP::ActionPack > > Error: > Must provide credentials at /opt/perl5.16.3/lib/site_perl/5.16.3/HTTP/Headers/Ac > tionPack/Authorization/Basic.pm line 21. > HTTP::Headers::ActionPack::Authorization::Basic::BUILDARGS('HTTP::Header > s::ActionPack::Authorization::Basic', 'Basic', undef) called at /opt/perl5.16.3/ > lib/site_perl/5.16.3/HTTP/Headers/ActionPack/Core/Base.pm line 17 > > [...] > HTTP::Headers::ActionPack::inflate('HTTP::Headers::ActionPack=HASH(0x4c5 > 5b90)', 'Plack::Request=HASH(0xcf53c28)') called at /opt/perl5.16.3/lib/site_per > l/5.16.3/Web/Machine/Util.pm line 38 > Web::Machine::Util::inflate_headers('Plack::Request=HASH(0xcf53c28)') ca > lled at /opt/perl5.16.3/lib/site_perl/5.16.3/Web/Machine.pm line 37 > [...]
  Tue Mar 26 19:12:05 2013 The RT System itself - Status changed from 'new' to 'open'
  Tue Mar 26 21:54:04 2013 OSCHWALD [...] cpan.org - Correspondence added
On Tue Mar 26 19:12:04 2013, STEVAN wrote: Show quoted text
> Gregory, > > Could you please provide an example header and/or a runnable test that > illustrates the issue? >
This HTTP request will result in the internal server error on our Web::Machine 0.8 instance: GET /app/endpoint HTTP/1.1 Content-Type: text/html Authorization: Basic Host: example.com Connection: close I might be able to find time to make a unit test tomorrow. Greg
  Wed Mar 27 08:42:18 2013 stevan.little [...] gmail.com - Correspondence added
Greg, Thanks for the unit test, but after doing some digging it seems that the error is correct. According to the "HTTP Authentication" spec (http://tools.ietf.org/html/rfc2617#section-2), this header is invalid and needs to have a credentials section added to it. Is there a valid reason for having a header such as this? - Stevan On Tue Mar 26 21:54:04 2013, OSCHWALD wrote: Show quoted text
> On Tue Mar 26 19:12:04 2013, STEVAN wrote:
> > Gregory, > > > > Could you please provide an example header and/or a runnable test
> that
> > illustrates the issue? > >
> > > This HTTP request will result in the internal server error on our > Web::Machine 0.8 instance: > > GET /app/endpoint HTTP/1.1 > Content-Type: text/html > Authorization: Basic > Host: example.com > Connection: close > > I might be able to find time to make a unit test tomorrow. > > Greg
  Wed Mar 27 09:36:34 2013 OSCHWALD [...] cpan.org - Correspondence added
On Wed Mar 27 08:42:18 2013, STEVAN wrote: Show quoted text
> Greg, > > Thanks for the unit test, but after doing some digging it seems that > the error is correct. According to the "HTTP Authentication" spec > (http://tools.ietf.org/html/rfc2617#section-2), this header is > invalid and needs to have a credentials section added to it. > > Is there a valid reason for having a header such as this?
I agree that it is a malformed header (that some clients seem to be sending). I am _not_ objecting to the fact that an error is being sent, but it should not be causing an internal server error (and causing a traceback to be logged). I think returning a 400 would be appropriate. Greg
  Wed Mar 27 10:42:44 2013 stevan.little [...] gmail.com - Correspondence added
Subject: Re: [rt.cpan.org #84232] Authorization: Basic header with no credentials causes an internal server error
Date: Wed, 27 Mar 2013 10:42:28 -0400
To: bug-Web-Machine [...] rt.cpan.org
From: Stevan Little <stevan.little [...] iinteractive.com>
Greg, I have pushed a fix for this to github (https://github.com/stevan/webmachine-perl) please try it out and let me know if this works for you. If so I will ship it to CPAN later today. Thanks, - Stevan On Mar 27, 2013, at 9:36 AM, Gregory J. Oschwald via RT <bug-Web-Machine@rt.cpan.org> wrote: Show quoted text
> Queue: Web-Machine > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=84232 > > > On Wed Mar 27 08:42:18 2013, STEVAN wrote:
>> Greg, >> >> Thanks for the unit test, but after doing some digging it seems that >> the error is correct. According to the "HTTP Authentication" spec >> (http://tools.ietf.org/html/rfc2617#section-2), this header is >> invalid and needs to have a credentials section added to it. >> >> Is there a valid reason for having a header such as this?
> > I agree that it is a malformed header (that some clients seem to be sending). I am _not_ objecting to the fact that an error is being sent, but it should not be causing an internal server error (and causing a traceback to be logged). I think returning a 400 would be appropriate. > > Greg
  Wed Mar 27 10:48:12 2013 oschwald [...] gmail.com - Correspondence added
Subject: Re: [rt.cpan.org #84232] Authorization: Basic header with no credentials causes an internal server error
Date: Wed, 27 Mar 2013 07:47:22 -0700
To: bug-Web-Machine [...] rt.cpan.org
From: Gregory Oschwald <oschwald [...] gmail.com>
Show quoted text
> I have pushed a fix for this to github ( > https://github.com/stevan/webmachine-perl) please try it out and let me > know if this works for you. If so I will ship it to CPAN later today. >
Looks good to me. Thanks! Greg
  Wed Mar 27 21:48:54 2013 OSCHWALD [...] cpan.org - Status changed from 'open' to 'resolved'