From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: "Dr. Arne Babenhauserheide" Newsgroups: gmane.lisp.guile.devel Subject: Re: [PATCH] web: authorization header scheme should be capitalized Date: Fri, 24 Jun 2022 14:16:24 +0200 Message-ID: <87a6a2b2o0.fsf@web.de> References: <20220623202759.3578506-1-aconchillo@gmail.com> <922957d6545149287a6aec7b9d258bf2dd7603ef.camel@telenet.be> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="22913"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: mu4e 1.6.11; emacs 28.1 Cc: Maxime Devos , guile-devel@gnu.org To: Aleix Conchillo =?utf-8?Q?Flaqu=C3=A9?= Original-X-From: guile-devel-bounces+guile-devel=m.gmane-mx.org@gnu.org Fri Jun 24 15:41:06 2022 Return-path: Envelope-to: guile-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1o4jYX-0005kl-Hg for guile-devel@m.gmane-mx.org; Fri, 24 Jun 2022 15:41:05 +0200 Original-Received: from localhost ([::1]:40932 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1o4jYW-0005zy-Lw for guile-devel@m.gmane-mx.org; Fri, 24 Jun 2022 09:41:04 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:37534) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1o4jXs-0005yF-BD for guile-devel@gnu.org; Fri, 24 Jun 2022 09:40:24 -0400 Original-Received: from mout.web.de ([212.227.15.14]:40839) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1o4jXq-0004pY-8d for guile-devel@gnu.org; Fri, 24 Jun 2022 09:40:24 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=web.de; s=dbaedf251592; t=1656078019; bh=llAF0yqEqn79iSw5DJXNMKnfnwJ4zJkGn156drMyyKk=; h=X-UI-Sender-Class:References:From:To:Cc:Subject:Date:In-reply-to; b=siXeFS/RzeUm4gY6L8iNSSEwBWIsneOBjrkJbGsHxLwbRiz6awncqTVExztkQ7L1L OnfuKPvVBwyDmvofEpDfzGMZKBb1iYZBu5mE2X+oYgwTcFBwapnghwvIfvOHbUHGua ZmKblcDKfe8rrs1r75+x94lcgReufo8J8xq3yQHc= X-UI-Sender-Class: c548c8c5-30a9-4db5-a2e7-cb6cb037b8f9 Original-Received: from fluss ([80.136.30.232]) by smtp.web.de (mrweb006 [213.165.67.108]) with ESMTPSA (Nemesis) id 1N9cHJ-1nYR7u0cQH-015PjX; Fri, 24 Jun 2022 15:40:19 +0200 In-reply-to: X-Provags-ID: V03:K1:58YoGIs6kVCdUI8rr9WY1q6UL/hp4wR2NHinys/2WCYShTMoSfO cMCjKV5ESgeroHv1KIW4uNMyuUobz1VzKKRnRWaWoHepiNwYk6jH+Yq/GJFjgN+T4E3ZlvP 2XjmVRge3O7vN0shwzr77uX+fR83T2C8aq5qB+cUwGOFBFlyzf5Z0HLma5K/GlKt2x3Hjbt mItItNxnyhsGSGkzBLaag== X-UI-Out-Filterresults: notjunk:1;V03:K0:YDwLyST8I8s=:Qbyuo6Q2Yv/gp8BouZ+QeS ZoSY0CF4NN+vnLTcg6muqgY07J3BbiR9kELXddd9YuL8umpRS7dkOiGPpqcctyrh2eD9SuIKK sv3AdUrydzvYKV9GPEg/5zrXQMJkyCqdTRn4K999vHgtw7LxdDG/lgvECW5nwzROa/9if7ig9 H0aoiEOBQfdaoxPM19E724hdjMnih65QV6AJTxfRXNK2Av+vpfytg1021HV6JPjoOX0wXGi34 RjoA346lX93X2sY9z7vA5Mb3gGUlTlxECAHum035XOOkhqcSc3UUwJJrxBrGilsDR9AB6WQJJ myEMvwmDvbftVH/F0qi7KMweFKRqH8w/07rI5J87f6Hv6XBh/tQA0fklILPBPONWzkKiZEEjT iT+XNNn6n1r/Q3+AsPOxpkzFqsG1KY1SLBXf4N/es7O1oqVxFcAginHtV6QScnVG18IFJ/mP+ /AUmEL7fuHascM5rdCZoLqxJCzehqAd+lEwgjNI95F3AG0BCrmgJD68ILl23yOQPHM10/4Xig OEVEGKOjBhb+9yi5tQBs8Emz+BKTPhQBxac/XE+/9aTndD/NWP/d2pJ5smxfhl+Fj1/Plk2z9 StOuRfhPoHf3Drvpqfn/U8ikyqZbqiR1fpc9USX8vbqMjQA0JP/etXnU4UhQV/kHHonueu/gx w3mDdp7MalCb+3jdU0hpmFXrgfg9Fbk+4UPXpGQIbZ9L2YGiwxtKoXRsietUDPVMbcVeI5D/M Ak1V8P/R52w7fpGyRE7lVC9cCJTNaGpWG088dsERqTbptGu0jW/tIl5pLU3b9EBkFsjR3P9R Received-SPF: pass client-ip=212.227.15.14; envelope-from=arne_bab@web.de; helo=mout.web.de X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guile-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Developers list for Guile, the GNU extensibility library" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guile-devel-bounces+guile-devel=m.gmane-mx.org@gnu.org Original-Sender: "guile-devel" Xref: news.gmane.io gmane.lisp.guile.devel:21235 Archived-At: --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Aleix Conchillo Flaqu=C3=A9 writes: > On Thu, Jun 23, 2022 at 3:20 PM Maxime Devos wro= te: > > Aleix Conchillo Flaqu=C3=A9 schreef op do 23-06-2022 om 14:13 [-0700]: > > https://community.spotify.com/t5/Spotify-for-Developers/API-Authorizat= ion-header-doesn-t-follow-HTTP-spec/m-p/5397381#M4917 > > > Also, there's still a potential patch to be had, e.g. you could add > > > a test checking that Guile properly supports schemes in other cases > > > (if not done already). > >=20 > > What do you mean? > > Even if there is nothing that _has_ to be done in Guile, there's still > thing that _can_ be done in Guile to improve Guile's test suite -- in > this case, a test in the test suite that the Guile's web code > understands both lowercase and uppercase and titlecase authorisation > schemes. > > Ah, got it. Yes, that would make sense. > > I was thinking about it again. I know that Guile complies with the standa= rd but since, I would say, capitalized schemes is what most libraries use, = would > it make sense to switch to that? I don't really expect big companies to f= ix this kind of stuff fast and in the meantime we can't use Guile for certa= in > things. I have to say I've never seen lowercase Authorization header sche= mes. I think that it makes sense to ensure that Guile works with other libraries. It=E2=80=99s this kind of compatibility code that makes the difference between a tool that=E2=80=99s good in theory and one that works = in practice. The robustness principle applies here:=C2=B9 Be lenient in what you accept and strict in what you send =E2=80=94 sending the header in lowercase requi= res others to be lenient which cannot work. Best wishes, Arne =C2=B9: While the robustness principle can be harmful when you=E2=80=99re t= he one mantaining the spec, because it can prevent required fixes in the spec (), it applies here, because we cannot change the spec or what others accept. =2D=20 Unpolitisch sein hei=C3=9Ft politisch sein, ohne es zu merken. draketo.de --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQJEBAEBCAAuFiEE801qEjXQSQPNItXAE++NRSQDw+sFAmK1vsEQHGFybmVfYmFi QHdlYi5kZQAKCRAT741FJAPD6xwhD/9zj4lV50UxT480BNLIzMcNaWpoOKsnPRUg /VN0V5xWUKfmRKHsVyiQqJLeMVTz09n6jS8a/P8fBi0rGcXoLHFB9rq3oQ0OzWk9 seHIO/k8bkgWMfnreoE3ak4AMQ6zrnt5pj1c2W+BiNmB1UCbOFHklSBUKaw1FfcT pLVtSmP1ZA9sGN/6raAHdILcNhz9BCoZG9T7EMZAT/KJkqXrpZcFDq83vl8WYmiQ aYK7HND4rapEjrLtCNiUr+vif30SCQtDqaQJFEBduCWO316anNU0bJ/G03K0IhLU 5c2fLWAT8xNvTw2gabLNG68KcRfDNuekvWYJch5HMOVIz5jH6f56buZBtMbbgQt+ YFeRnhwQtYvinwwCVy1ZSJmSzhqoM7fzljbRsLMaPCas62vHdlIFtQi/43pPMYH/ 7QsCE0PhxyqRuNQrH4M0pLgfGcW8HLoA8Znr/GT7jiduuNfAcpEUd3eJdsY3zY5J y0V/c4Xkbgi5AAl7ovws0ZbpeFxg7kLr2Z0lFQOV1kH15eUaqPOuhZYvbWK/nx3L +gl1pkU3ZFf0qUwta7s7bkH4l9k14fmzrY2UQmwOLtlq8DhG/uJimwTPnWT0zvtf i29K9HESlEQQz62xhbv8XJR1TiDPOCFHd3X/kwxdFiTyHsvIPXxSPbzgza5kvb6N coN4UZBcyojEBAEBCAAuFiEE3Si95tmHXKvOSosd3M8NswvBBUgFAmK1vsIQHGFy bmVfYmFiQHdlYi5kZQAKCRDczw2zC8EFSG0wA/9iSO0mDXDR76m7k+xp4gb35vXQ ws5mm40Cs9JXOFLQJWzind84BMpB0xmdHr4a/7Wg74Rl6qXgYTtMbUoN+85wOHzz aqGCJ6BifRtaxRDfpykx4ukKijeWGTvxI3BzPyGbhANLy3P+pZ+RtDzJuAA1jrIJ SfiqxPQPeKwzfF6MlA== =9CMg -----END PGP SIGNATURE----- --=-=-=--