Aleix Conchillo Flaqué writes: > On Thu, Jun 23, 2022 at 3:20 PM Maxime Devos wrote: > > Aleix Conchillo Flaqué schreef op do 23-06-2022 om 14:13 [-0700]: > > https://community.spotify.com/t5/Spotify-for-Developers/API-Authorization-header-doesn-t-follow-HTTP-spec/m-p/5397381#M4917 > > > Also, there's still a potential patch to be had, e.g. you could add > > > a test checking that Guile properly supports schemes in other cases > > > (if not done already). > > > > What do you mean? > > Even if there is nothing that _has_ to be done in Guile, there's still > thing that _can_ be done in Guile to improve Guile's test suite -- in > this case, a test in the test suite that the Guile's web code > understands both lowercase and uppercase and titlecase authorisation > schemes. > > Ah, got it. Yes, that would make sense. > > I was thinking about it again. I know that Guile complies with the standard but since, I would say, capitalized schemes is what most libraries use, would > it make sense to switch to that? I don't really expect big companies to fix this kind of stuff fast and in the meantime we can't use Guile for certain > things. I have to say I've never seen lowercase Authorization header schemes. I think that it makes sense to ensure that Guile works with other libraries. It’s this kind of compatibility code that makes the difference between a tool that’s good in theory and one that works in practice. The robustness principle applies here:¹ Be lenient in what you accept and strict in what you send — sending the header in lowercase requires others to be lenient which cannot work. Best wishes, Arne ¹: While the robustness principle can be harmful when you’re the one mantaining the spec, because it can prevent required fixes in the spec (), it applies here, because we cannot change the spec or what others accept. - Unpolitisch sein heißt politisch sein, ohne es zu merken. draketo.de