
ignore empty domain for digest auth #50348

Merged
merged 2 commits into from
Mar 30, 2021

wfurt
Member

@wfurt wfurt commented Mar 29, 2021

RFC 7616 suggests that missing or empty should be treated equally.

  domain

      A quoted, space-separated list of URIs, as specified in [RFC3986],
      that define the protection space.  If a URI is a path-absolute, it
      is relative to the canonical root URL.  (See Section 2.2 of
      [RFC7235].)  An absolute-URI in this list may refer to a different
      server than the web-origin [RFC6454].  The client can use this
      list to determine the set of URIs for which the same
      authentication information may be sent: any URI that has a URI in
      this list as a prefix (after both have been made absolute) MAY be
      assumed to be in the same protection space.  If this parameter is
      omitted or its value is empty, the client SHOULD assume that the
      protection space consists of all URIs on the web-origin.

fixes #50283

@wfurt wfurt requested a review from a team March 29, 2021 06:26
@wfurt wfurt self-assigned this Mar 29, 2021
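
The protection-space rule from the RFC text quoted in the description above, as an added C# example that is not part of this pull request or of dotnet/runtime. The class name, method names and sample URIs are assumptions made for illustration.

```csharp
#nullable enable
using System;

// Added illustration of the RFC 7616 "domain" rule; not dotnet/runtime code.
static class DigestProtectionSpace
{
    // domain: raw value of the challenge's domain parameter, or null when it is absent.
    public static bool Covers(Uri challenged, string? domain, Uri candidate)
    {
        // Canonical root of the server that issued the challenge.
        var root = new Uri(challenged.GetLeftPart(UriPartial.Authority) + "/");

        // Omitted and empty are equivalent: every URI on the web-origin is in the space.
        if (string.IsNullOrWhiteSpace(domain))
            return SameOrigin(root, candidate);

        foreach (string entry in domain.Split(' ', StringSplitOptions.RemoveEmptyEntries))
        {
            // A path-absolute entry resolves against the root; an absolute-URI entry
            // is kept as given and may name a different server.
            if (!Uri.TryCreate(root, entry, out Uri? prefix))
                continue; // skip an unparsable entry instead of failing the challenge

            if (candidate.AbsoluteUri.StartsWith(prefix.AbsoluteUri, StringComparison.Ordinal))
                return true;
        }
        return false; // outside the space: do not reuse the credentials here
    }

    static bool SameOrigin(Uri a, Uri b) =>
        a.Scheme == b.Scheme && a.Port == b.Port &&
        string.Equals(a.Host, b.Host, StringComparison.OrdinalIgnoreCase);

    static void Main()
    {
        // Constructed sample values.
        var challenged = new Uri("https://app.example.test/reports/q1");
        var cases = new (string? Domain, string Candidate)[]
        {
            (null, "https://app.example.test/admin"),
            ("", "https://app.example.test/admin"),
            ("", "https://other.example.test/admin"),
            ("/reports", "https://app.example.test/reports/q2"),
            ("/reports", "https://app.example.test/admin"),
            ("/reports https://api.example.test/v1", "https://api.example.test/v1/items"),
        };
        foreach (var (d, c) in cases)
            Console.WriteLine($"{(d is null ? "<omitted>" : $"'{d}'")} -> {c}: {Covers(challenged, d, new Uri(c))}");
    }
}
```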
@ghost

ghost commented Mar 29, 2021

Tagging subscribers to this area: @dotnet/ncl
See info in area-owners.md if you want to be subscribed.

Author: wfurt
Assignees: wfurt
Labels:

area-System.Net.Http

Milestone: -

@wfurt wfurt merged commit 0b9dcc5 into dotnet:main Mar 30, 2021
@wfurt wfurt deleted the digestDomain_50283 branch March 30, 2021 07:01
@wfurt
Member Author

wfurt commented Apr 1, 2021

/backport to release/5.0

@github-actions
Contributor

github-actions bot commented Apr 1, 2021

Started backporting to release/5.0: https://github.com/dotnet/runtime/actions/runs/709482438

@ghost ghost locked as resolved and limited conversation to collaborators May 1, 2021
@karelz karelz added this to the 6.0.0 milestone May 20, 2021
Successfully merging this pull request may close these issues.

Digest challenge - domain fails with empty string
3 participants