Inserted auth_token headers aren't WSGI compliant
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
keystonemiddleware | In Progress | High | Unassigned |
Bug Description
The PEP says [1]:
> "Native" strings (which are always implemented using the
> type named ``str``) ... are used for request/response
> headers and metadata
and
> Do not be confused however: even if Python's ``str`` type
> is actually Unicode "under the hood", the *content* of
> native strings must still be translatable to bytes via
> the Latin-1 encoding!
But when auth_token adds headers [2], it takes them straight from the auth_ref, which was deserialized from JSON and thus uses unicode. This may or may not be the right thing to do on Python 3 (I haven't looked to see whether the AccessInfo instances typically limit unicode values to the Latin-1 set or not), but it's definitely wrong for Python 2 where all headers should be bytes. This can cause applications to break in not-always-obvious ways [3].
I've attached a partial fix, but more thought seems required -- in particular there are places where we set some headers to None, which also seems out of spec.
[1] https:/
[2] https:/
[3] https:/
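One way to normalize such values before they reach the environ, as an added example that is not part of the original report or keystonemiddleware's code. It targets Python 3; `to_wsgi_header`, `set_identity_headers`, `non_compliant` and the sample data are hypothetical, and two choices are assumptions: non-Latin-1 text is carried as UTF-8 bytes decoded via Latin-1, and `None` values are omitted.

```python
# Added example; function names are hypothetical, not keystonemiddleware API.
import json


def to_wsgi_header(value):
    """Return a PEP 3333 native string, or None if the header must be omitted.

    Assumption: text is carried as its UTF-8 bytes decoded via Latin-1, so the
    application recovers it with value.encode("latin-1").decode("utf-8").
    """
    if value is None:
        return None  # None is not a valid header value; leave the header out
    if isinstance(value, bytes):
        return value.decode("latin-1")
    return str(value).encode("utf-8").decode("latin-1")


def set_identity_headers(environ, headers):
    """Write headers into a WSGI environ as HTTP_* keys with native-string values."""
    for name, value in headers.items():
        key = "HTTP_" + name.upper().replace("-", "_")
        native = to_wsgi_header(value)
        if native is None:
            environ.pop(key, None)  # remove the key rather than store None
        else:
            environ[key] = native
    return environ


def non_compliant(environ):
    """Return the HTTP_* keys whose values are not Latin-1-translatable str."""
    bad = []
    for key, value in environ.items():
        if not key.startswith("HTTP_"):
            continue
        try:
            if not isinstance(value, str):
                raise TypeError(key)
            value.encode("latin-1")
        except (TypeError, UnicodeEncodeError):
            bad.append(key)
    return sorted(bad)


# Constructed sample standing in for token data deserialized from JSON.
SAMPLE = json.loads(
    '{"X-User-Name": "J\\u00fcrgen \\u65e5\\u672c", '
    '"X-Project-Id": "abc123", "X-Domain-Id": null}'
)
```

Running `non_compliant` over the environ in a test harness catches both problems named in the report: values outside Latin-1 and headers set to `None`.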
Changed in keystonemiddleware:
assignee: Morgan Fainberg (mdrnstm) → nobody
This looks great and we totally would like to have this fix in keystonemiddleware. Can you submit the patch to our gerrit: review.openstack.org? Thanks!