RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-14 09:14:58 +00:00
Code Issues Activity Actions

pro: Override authorization with manually set Authorization header

Browse source
This commit is contained in:
Thomas Keppler 2022-12-21 16:23:50 +01:00 committed by Ali Mohammad Pur
parent de23e7c2d3
commit b5cae5867a
1 changed files with 3 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

5
Userland/Utilities/pro.cpp
View file

@ -246,11 +246,12 @@ ErrorOr<int> serenity_main(Main::Arguments arguments)
auto output_stream = ConditionalOutputFileStream { [&] { return should_save_stream_data; }, stdout };
// https://httpwg.org/specs/rfc9110.html#authentication
if (!credentials.is_empty() && is_http_url) {
auto const has_credentials = !credentials.is_empty();
auto const has_manual_authorization_header = request_headers.contains("Authorization");
if (is_http_url && has_credentials && !has_manual_authorization_header) {
// 11.2. Authentication Parameters
// The authentication scheme is followed by additional information necessary for achieving authentication via
// that scheme as (...) or a single sequence of characters capable of holding base64-encoded information.
// FIXME: Prevent overriding manually provided Authorization header
auto const encoded_credentials = TRY(encode_base64(credentials.bytes()));
auto const authorization = TRY(String::formatted("Basic {}", encoded_credentials));
request_headers.set("Authorization", authorization.to_deprecated_string());