[dev] RPC Authorization header
René Lund Jensen
lundeman at tbkol.dk
Tue Dec 31 10:38:10 PST 2002
Hey
I'm now (again) playing around with the horde rpc stuff.
I'm trying to do a rpc request from a perlscript, using authorization.
I've found out that perl sends the header:
Authorization: Basic [Base64 encoded credentials]
this is compliant with RFC1945 HTTP 1.0
( http://www.ietf.org/rfc/rfc1945.txt )
and RFC 2616 HTTP 1.1
( http://www.ietf.org/rfc/rfc2616.txt )
But Horde sends:
Authentication: Basic [Base64 encoded credentials]
.. in RPC::request(...)
Basically this is probably a typo.
The funny thing is, that the check in horde/rpc.php using
$_SERVER['HTTP_AUTHENTICATION'] is actually returning the headerfield of
Authentication, and NOT Authorization, but this is probably an error in
PHP. The new (in rpc.php v.1.9) 2. check for authentication credentials
using $_SERVER['PHP_AUTH_USER'] and $_SERVER['PHP_AUTH_PW'] is actually
extracting the user and password from the Authorization header,
compliant with the RFC's
So unless it breaks something I will suggest to remove the 1. check for
credentials, and only use the second one.
René Jensen
lundeman at tbkol.dk
More information about the dev
mailing list