Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Not to standard: Raw body is include in the signature base string #110

Open
Ian1971 opened this issue Sep 16, 2021 · 0 comments
Open

Not to standard: Raw body is include in the signature base string #110

Ian1971 opened this issue Sep 16, 2021 · 0 comments

Comments

@Ian1971
Copy link

Ian1971 commented Sep 16, 2021

According to the oauth1a standard the body should only be included under certain specific conditions:

https://datatracker.ietf.org/doc/html/rfc5849#section-3.4.1.3

 o  The HTTP request entity-body, but only if all of the following
      conditions are met:

      *  The entity-body is single-part.

      *  The entity-body follows the encoding requirements of the
         "application/x-www-form-urlencoded" content-type as defined by
         [W3C.REC-html40-19980424].

      *  The HTTP request entity-header includes the "Content-Type"
         header field set to "application/x-www-form-urlencoded".

In particular it seems that this library is always including the body regardless of the content-type.

The issue was alluded to in this issue #60 but I don't think any changes were made to the library. The OP there indicates he hacked it to not include the body based on a parameter.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Ian1971