Aleix Conchillo Flaqué <aconchi...@gmail.com> writes: > On Thu, Jun 23, 2022 at 3:20 PM Maxime Devos <maximede...@telenet.be> wrote: > > Aleix Conchillo Flaqué schreef op do 23-06-2022 om 14:13 [-0700]: > > > https://community.spotify.com/t5/Spotify-for-Developers/API-Authorization-header-doesn-t-follow-HTTP-spec/m-p/5397381#M4917 > > > Also, there's still a potential patch to be had, e.g. you could add > > > a test checking that Guile properly supports schemes in other cases > > > (if not done already). > > > > What do you mean? > > Even if there is nothing that _has_ to be done in Guile, there's still > thing that _can_ be done in Guile to improve Guile's test suite -- in > this case, a test in the test suite that the Guile's web code > understands both lowercase and uppercase and titlecase authorisation > schemes. > > Ah, got it. Yes, that would make sense. > > I was thinking about it again. I know that Guile complies with the standard > but since, I would say, capitalized schemes is what most libraries use, would > it make sense to switch to that? I don't really expect big companies to fix > this kind of stuff fast and in the meantime we can't use Guile for certain > things. I have to say I've never seen lowercase Authorization header schemes.
I think that it makes sense to ensure that Guile works with other libraries. It’s this kind of compatibility code that makes the difference between a tool that’s good in theory and one that works in practice. The robustness principle applies here:¹ Be lenient in what you accept and strict in what you send — sending the header in lowercase requires others to be lenient which cannot work. Best wishes, Arne ¹: While the robustness principle can be harmful when you’re the one mantaining the spec, because it can prevent required fixes in the spec (<https://www.ietf.org/archive/id/draft-iab-protocol-maintenance-05.html>), it applies here, because we cannot change the spec or what others accept. - Unpolitisch sein heißt politisch sein, ohne es zu merken. draketo.de
signature.asc
Description: PGP signature
