    Handle invalid strings in authorization headers · fcfb949b
    Bob Van Landuyt authored
    When using git-over-http the GitHttpClientController would try to look
    up the user or token read from the Authorization headers.
    
    If one of those headers would contain a base64 encoded null-byte,
    this would result in an ArgumentError.
    
    This adds support for that to the middleware by decoding the
    authorization headers and validating them beforehand.
    
    It will also avoid trying to decode non-base64 encoded headers, and
    instead validate the content as-is.
    
    This reverts commit 44cebe45.
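
The check the commit message describes, sketched as an added example (not GitLab's code): the raw Authorization header is validated as-is, and the decoded form is validated too when the payload is strict Base64. All method and class names are hypothetical; decoding only the Basic scheme and answering with a 400 are assumptions.

```ruby
# Added illustration; method and class names are hypothetical, not GitLab's.
NULL_BYTE = "\0".b

# True when the bytes contain a null byte or are not valid UTF-8.
def malformed_string?(value)
  bytes = value.to_s.b
  return true if bytes.include?(NULL_BYTE)
  !bytes.force_encoding(Encoding::UTF_8).valid_encoding?
end

# Returns the decoded "user:password" for Basic credentials, or nil when the
# header is not Basic or its payload is not strict Base64 (assumed policy).
def decode_basic(header)
  scheme, payload = header.to_s.split(" ", 2)
  return nil unless scheme&.casecmp?("Basic") && payload
  payload.strip.unpack1("m0") # strict Base64; raises ArgumentError if invalid
rescue ArgumentError
  nil
end

# Validate the raw header as-is, then the decoded form when there is one.
def malformed_authorization?(header)
  return false if header.nil?
  return true if malformed_string?(header)
  decoded = decode_basic(header)
  !decoded.nil? && malformed_string?(decoded)
end

# Minimal Rack-style middleware: reject before any user or token lookup runs,
# so the null byte never reaches code that raises ArgumentError on it.
class RejectMalformedAuthorization
  def initialize(app)
    @app = app
  end

  def call(env)
    if malformed_authorization?(env["HTTP_AUTHORIZATION"])
      return [400, { "content-type" => "text/plain" }, ["Bad Request"]]
    end
    @app.call(env)
  end
end
```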
handle_malformed_strings_spec.rb 5.06 KB