You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The spec states that the format of the Authorization header on the Federation API is given by RFC 7235. Part of that specification allows for zero or more spaces or tabs around the commas in the parameter list. For example, the following should be a valid Authorization header:
This fact was omitted from the summary of RFC 7235 in the spec, which is likely why it didn't make it into ruma as well. That is now being corrected: matrix-org/matrix-spec#1818
The code should be updated to allow whitespace in the parameter list in the header, such that any homeserver implementations following the spec would not have their federation requests rejected by homeservers that rely on ruma.
I am wondering if we should just use the http-auth crate instead of reimplementing a parser ourselves. It has a parser for RFC 7235 and all the features we don't need are behind cargo features.
The spec states that the format of the
Authorization
header on the Federation API is given by RFC 7235. Part of that specification allows for zero or more spaces or tabs around the commas in the parameter list. For example, the following should be a validAuthorization
header:Yet upon looking at
ruma
's source code, I believe it would reject this header:Pair names or values are not trimmed for whitespace:
ruma/crates/ruma-server-util/src/authorization.rs
Lines 110 to 125 in b4d0ab4
And space or tab is not allowed in the
name
field:ruma/crates/ruma-server-util/src/authorization.rs
Lines 192 to 196 in b4d0ab4
This fact was omitted from the summary of RFC 7235 in the spec, which is likely why it didn't make it into
ruma
as well. That is now being corrected: matrix-org/matrix-spec#1818The code should be updated to allow whitespace in the parameter list in the header, such that any homeserver implementations following the spec would not have their federation requests rejected by homeservers that rely on ruma.
See matrix-org/matrix-spec#1817 for more context.
The text was updated successfully, but these errors were encountered: