Header format causes trouble webob
Bug #835045 reported by
Rick Harris
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Invalid
|
High
|
Dolph Mathews |
Bug Description
Both Nova and Glance use webob to encapsulate HTTP requests.
Webob canoncalizes headers, changing the underscore '_' to a dash '-':
http://
This is a problem because it means that `nova_auth_token` and `glance_auth_token` shims may not work since webob may have changed 'X_ROLE' to 'X-Role'.
Googling around, it seems like many proxies do some form of header canonicalization, so, this really isn't just a webob problem.
Given that dashes are the standard, we should probably switch over to using them for max compatibility.
Changed in keystone: | |
importance: | Undecided → Medium |
Changed in keystone: | |
milestone: | none → essex-3 |
importance: | Medium → High |
Changed in keystone: | |
assignee: | nobody → Dolph Mathews (dolph) |
Changed in keystone: | |
milestone: | essex-3 → none |
To post a comment you must log in.
My understanding is that the WSGI spec (PEP-333) says that the "environ parameter is a dictionary object, containing CGI-style environment variables." In turn, the CGI spec (RFC-3875) explicitly defines the grammar for environment meta-variables (section 4.1), based on the HTTP spec (section 4.2 & 2.2, RFC-2616), but also narrows the grammar for implementation- defined HTTP variables as "HTTP_X_*", which I'm guessing establishes the convention for normalizing to all underscores (HTTP_X_AUTH_TOKEN in the CGI env. Our own spec defines our HTTP headers Using-Hyphens (X-Auth-Token).
Looking through the keystone codebase, we appear to always read/write to/from the dictionary of CGI-style environment variables using underscores, and always read/write raw HTTP headers using hyphens, which appears to follow both the convention and our defined spec concerning headers.
If there's a specific usage I missed which is causing issues, please point it out, otherwise I think we can close this for e3.
PEP-333: http:// www.python. org/dev/ peps/pep- 0333/ www.ietf. org/rfc/ rfc3875 www.ietf. org/rfc/ rfc2616. txt
RFC-3875: http://
RFC-2616: http://