
Commit 6575598

HTTP headers and methods are not case sensitive
had the issue where Firefox would send "authorization" in lower case
1 parent 9a6c388 commit 6575598


1 file changed

+20
-20
lines changed


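--- a/supervisor/shared/web_workflow/web_workflow.c
+++ b/supervisor/shared/web_workflow/web_workflow.c
@@ -912,7 +912,7 @@ static bool _reply(socketpool_socket_obj_t *socket, _request *request) {
 ESP_LOGE(TAG, "bad origin %s", request->origin);
 _reply_forbidden(socket, request);
 } else if (memcmp(request->path, "/fs/", 4) == 0) {
-if (strcmp(request->method, "OPTIONS") == 0) {
+if (strcasecmp(request->method, "OPTIONS") == 0) {
 // OPTIONS is sent for CORS preflight, unauthenticated
 _reply_access_control(socket, request);
 } else if (!request->authenticated) {
@@ -936,7 +936,7 @@ static bool _reply(socketpool_socket_obj_t *socket, _request *request) {
 }
 // Delete is almost identical for files and directories so share the
 // implementation.
-if (strcmp(request->method, "DELETE") == 0) {
+if (strcasecmp(request->method, "DELETE") == 0) {
 if (_usb_active()) {
 _reply_conflict(socket, request);
 return false;
@@ -966,7 +966,7 @@ static bool _reply(socketpool_socket_obj_t *socket, _request *request) {
 return true;
 }
 } else if (directory) {
-if (strcmp(request->method, "GET") == 0) {
+if (strcasecmp(request->method, "GET") == 0) {
 FF_DIR dir;
 FRESULT res = f_opendir(fs, &dir, path);
 // Put the / back for replies.
@@ -986,7 +986,7 @@ static bool _reply(socketpool_socket_obj_t *socket, _request *request) {
 }
 
 f_closedir(&dir);
-} else if (strcmp(request->method, "PUT") == 0) {
+} else if (strcasecmp(request->method, "PUT") == 0) {
 if (_usb_active()) {
 _reply_conflict(socket, request);
 return false;
@@ -1015,7 +1015,7 @@ static bool _reply(socketpool_socket_obj_t *socket, _request *request) {
 }
 }
 } else { // Dealing with a file.
-if (strcmp(request->method, "GET") == 0) {
+if (strcasecmp(request->method, "GET") == 0) {
 FIL active_file;
 FRESULT result = f_open(fs, &active_file, path, FA_READ);
 
@@ -1026,18 +1026,18 @@ static bool _reply(socketpool_socket_obj_t *socket, _request *request) {
 }
 
 f_close(&active_file);
-} else if (strcmp(request->method, "PUT") == 0) {
+} else if (strcasecmp(request->method, "PUT") == 0) {
 _write_file_and_reply(socket, request, fs, path);
 return true;
 }
 }
 }
 } else if (memcmp(request->path, "/cp/", 4) == 0) {
 const char *path = request->path + 3;
-if (strcmp(request->method, "OPTIONS") == 0) {
+if (strcasecmp(request->method, "OPTIONS") == 0) {
 // handle preflight requests to /cp/
 _reply_access_control(socket, request);
-} else if (strcmp(request->method, "GET") != 0) {
+} else if (strcasecmp(request->method, "GET") != 0) {
 _reply_method_not_allowed(socket, request);
 } else if (strcmp(path, "/devices.json") == 0) {
 _reply_with_devices_json(socket, request);
@@ -1058,7 +1058,7 @@ static bool _reply(socketpool_socket_obj_t *socket, _request *request) {
 } else {
 _reply_missing(socket, request);
 }
-} else if (strcmp(request->method, "GET") != 0) {
+} else if (strcasecmp(request->method, "GET") != 0) {
 _reply_method_not_allowed(socket, request);
 } else {
 if (strcmp(request->path, "/") == 0) {
@@ -1175,27 +1175,27 @@ static void _process_request(socketpool_socket_obj_t *socket, _request *request)
 request->header_value[request->offset - 1] = '\0';
 request->offset = 0;
 request->state = STATE_HEADER_KEY;
-if (strcmp(request->header_key, "Authorization") == 0) {
+if (strcasecmp(request->header_key, "Authorization") == 0) {
 const char *prefix = "Basic ";
 request->authenticated = memcmp(request->header_value, prefix, strlen(prefix)) == 0 &&
 strcmp(_api_password, request->header_value + strlen(prefix)) == 0;
-} else if (strcmp(request->header_key, "Host") == 0) {
+} else if (strcasecmp(request->header_key, "Host") == 0) {
 request->redirect = strcmp(request->header_value, "circuitpython.local") == 0;
-} else if (strcmp(request->header_key, "Content-Length") == 0) {
+} else if (strcasecmp(request->header_key, "Content-Length") == 0) {
 request->content_length = strtoul(request->header_value, NULL, 10);
-} else if (strcmp(request->header_key, "Expect") == 0) {
+} else if (strcasecmp(request->header_key, "Expect") == 0) {
 request->expect = strcmp(request->header_value, "100-continue") == 0;
-} else if (strcmp(request->header_key, "Accept") == 0) {
-request->json = strcmp(request->header_value, "application/json") == 0;
-} else if (strcmp(request->header_key, "Origin") == 0) {
+} else if (strcasecmp(request->header_key, "Accept") == 0) {
+request->json = strcasecmp(request->header_value, "application/json") == 0;
+} else if (strcasecmp(request->header_key, "Origin") == 0) {
 strcpy(request->origin, request->header_value);
-} else if (strcmp(request->header_key, "X-Timestamp") == 0) {
+} else if (strcasecmp(request->header_key, "X-Timestamp") == 0) {
 request->timestamp_ms = strtoull(request->header_value, NULL, 10);
-} else if (strcmp(request->header_key, "Upgrade") == 0) {
+} else if (strcasecmp(request->header_key, "Upgrade") == 0) {
 request->websocket = strcmp(request->header_value, "websocket") == 0;
-} else if (strcmp(request->header_key, "Sec-WebSocket-Version") == 0) {
+} else if (strcasecmp(request->header_key, "Sec-WebSocket-Version") == 0) {
 request->websocket_version = strtoul(request->header_value, NULL, 10);
-} else if (strcmp(request->header_key, "Sec-WebSocket-Key") == 0 &&
+} else if (strcasecmp(request->header_key, "Sec-WebSocket-Key") == 0 &&
 strlen(request->header_value) == 24) {
 strcpy(request->websocket_key, request->header_value);
 }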
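Review bot: The `request->method` comparisons in `_reply` (the `OPTIONS`, `DELETE`, `GET` and `PUT` checks in every `_reply` hunk) should stay case-sensitive: RFC 9110 §9.1 defines the method token as case-sensitive, so only the header-name comparisons in `_process_request` need `strcasecmp`. Accepting `delete` or `put` means the device acts on a request that an intermediary, filter or log rule matching the exact token would classify as an unknown method, so I would keep `if (strcmp(request->method, "DELETE") == 0) {` and its siblings as they were. In the `_process_request` hunk the `Origin` branch still copies with `strcpy(request->origin, request->header_value);` and, unlike the `Sec-WebSocket-Key` branch, has no visible length check; the buffer sizes are outside this diff, so confirm `origin` is at least as large as `header_value` or bound the copy. Both functions start and end outside the hunks shown.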
