Hi Adam, The HTTP spec states clearly that header fields can be extended over multiple lines. See http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2
Quote from the first paragraph in section 4.2: > Header fields can be extended over multiple lines by preceding each > extra line with at least one SP or HT. So when nginx doesn't pass the multi line authorization header field correctly then I would assume it is a bug in nginx. - Marc Worrell On 23 feb 2009, at 00:12, Adam Greene wrote: > I'm not totally sure the best place to ask this question is, but I ran > into an issue with OAuth headers that is a bit odd. The oauth library > I'm using (oauth-php) creates the Oauth Authorization header to look > something like this: > > Authorization: OAuth realm="", > oauth_signature_method="HMAC-SHA1", > oauth_signature="b9R%2BMtCpVKhdJ46kOoWatBsbslE%3D", > oauth_nonce="49a19dcac9edc", > oauth_timestamp="1235328458", > oauth_token="", > oauth_consumer_key="2rb5KiLWvCDvQjn8HBALw", > oauth_version="1.0" > > this is being called against an nginx webserver, which truncates > anything including and after the first return character (ie, it only > passes through 'OAuth realm="",'). If I change oauth-php to not > insert a return character, nginx passes the full header through. > > so this raises a few questions: > * the oauth spec example shows new line characters: > http://oauth.net/core/1.0/#auth_header > * I couldn't find anything in the HTTP 1.1 spec that says if newlines > are allowed or not > * is their a bug in nginx? > * the ruby-oauth library does not use a return character when creating > the auth header, and it works just fine when going through nginx. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
