[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] web: authorization header scheme should be capitalized
From: |
Dr. Arne Babenhauserheide |
Subject: |
Re: [PATCH] web: authorization header scheme should be capitalized |
Date: |
Fri, 24 Jun 2022 14:16:24 +0200 |
User-agent: |
mu4e 1.6.11; emacs 28.1 |
Aleix Conchillo Flaqué <aconchillo@gmail.com> writes:
> On Thu, Jun 23, 2022 at 3:20 PM Maxime Devos <maximedevos@telenet.be> wrote:
>
> Aleix Conchillo Flaqué schreef op do 23-06-2022 om 14:13 [-0700]:
> >
> https://community.spotify.com/t5/Spotify-for-Developers/API-Authorization-header-doesn-t-follow-HTTP-spec/m-p/5397381#M4917
> > > Also, there's still a potential patch to be had, e.g. you could add
> > > a test checking that Guile properly supports schemes in other cases
> > > (if not done already).
> >
> > What do you mean?
>
> Even if there is nothing that _has_ to be done in Guile, there's still
> thing that _can_ be done in Guile to improve Guile's test suite -- in
> this case, a test in the test suite that the Guile's web code
> understands both lowercase and uppercase and titlecase authorisation
> schemes.
>
> Ah, got it. Yes, that would make sense.
>
> I was thinking about it again. I know that Guile complies with the standard
> but since, I would say, capitalized schemes is what most libraries use, would
> it make sense to switch to that? I don't really expect big companies to fix
> this kind of stuff fast and in the meantime we can't use Guile for certain
> things. I have to say I've never seen lowercase Authorization header schemes.
I think that it makes sense to ensure that Guile works with other
libraries. It’s this kind of compatibility code that makes the
difference between a tool that’s good in theory and one that works in
practice.
The robustness principle applies here:¹ Be lenient in what you accept
and strict in what you send — sending the header in lowercase requires
others to be lenient which cannot work.
Best wishes,
Arne
¹: While the robustness principle can be harmful when you’re the one
mantaining the spec, because it can prevent required fixes in the
spec
(<https://www.ietf.org/archive/id/draft-iab-protocol-maintenance-05.html>),
it applies here, because we cannot change the spec or what others
accept.
-
Unpolitisch sein
heißt politisch sein,
ohne es zu merken.
draketo.de
signature.asc
Description: PGP signature
- [PATCH] web: authorization header scheme should be capitalized, (continued)
- [PATCH] web: authorization header scheme should be capitalized, Aleix Conchillo Flaqué, 2022/06/23
- Re: [PATCH] web: authorization header scheme should be capitalized, Aleix Conchillo Flaqué, 2022/06/23
- Re: [PATCH] web: authorization header scheme should be capitalized, Maxime Devos, 2022/06/23
- Re: [PATCH] web: authorization header scheme should be capitalized, Aleix Conchillo Flaqué, 2022/06/23
- Re: [PATCH] web: authorization header scheme should be capitalized, Maxime Devos, 2022/06/23
- Re: [PATCH] web: authorization header scheme should be capitalized, Aleix Conchillo Flaqué, 2022/06/23
- Re: [PATCH] web: authorization header scheme should be capitalized, Maxime Devos, 2022/06/23
- Re: [PATCH] web: authorization header scheme should be capitalized, Aleix Conchillo Flaqué, 2022/06/23
- Re: [PATCH] web: authorization header scheme should be capitalized, Maxime Devos, 2022/06/24
- Re: [PATCH] web: authorization header scheme should be capitalized, Aleix Conchillo Flaqué, 2022/06/24
- Re: [PATCH] web: authorization header scheme should be capitalized,
Dr. Arne Babenhauserheide <=