Inserted auth_token headers aren't WSGI compliant
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| keystonemiddleware |
In Progress
|
High
|
Unassigned | ||
Bug Description
The PEP says [1]:
> "Native" strings (which are always implemented using the
> type named ``str``) ... are used for request/response
> headers and metadata
and
> Do not be confused however: even if Python's ``str`` type
> is actually Unicode "under the hood", the *content* of
> native strings must still be translatable to bytes via
> the Latin-1 encoding!
But when auth_token adds headers [2], it takes them straight from the auth_ref, which was deserialized from JSON and thus uses unicode. This may or may not be the right thing to do on Python 3 (I haven't looked to see whether the AccessInfo instances typically limit unicode values to the Latin-1 set or not), but it's definitely wrong for Python 2 where all headers should be bytes. This can cause applications to break in not-always-obvious ways [3].
I've attached a partial fix, but more thought seems required -- in particular there are places where we set some headers to None, which also seems out of spec.
[1] https:/
[2] https:/
[3] https:/
| Tim Burke (1-tim-z) wrote | #1 |
| Morgan Fainberg (mdrnstm) wrote | #2 |
| Changed in keystonemiddleware: | |
| status: | New → Triaged |
| importance: | Undecided → High |
| OpenStack Infra (hudson-openstack) wrote Fix proposed to keystonemiddleware (master) | #3 |
| Changed in keystonemiddleware: | |
| assignee: | nobody → Morgan Fainberg (mdrnstm) |
| status: | Triaged → In Progress |
| OpenStack Infra (hudson-openstack) wrote Change abandoned on keystonemiddleware (master) | #4 |
| Changed in keystonemiddleware: | |
| assignee: | Morgan Fainberg (mdrnstm) → nobody |
This looks great and we totally would like to have this fix in keystonemiddleware. Can you submit the patch to our gerrit: review.