From a23503b851ef7114e3895d55dae5282989812007 Mon Sep 17 00:00:00 2001 From: Cengiz Can Date: Thu, 16 Oct 2014 16:44:14 +0300 Subject: [PATCH] Remove extra double quotes from Realm According to Go documents `%q` already wraps string with double quotes. %s the uninterpreted bytes of the string or slice %q a double-quoted string safely escaped with Go syntax %x base 16, lower-case, two characters per byte %X base 16, upper-case, two characters per byte This produces a header like this and breaks Perl LWP::UserAgent->credentials HTTP/1.1 401 Unauthorized Content-Type: text/plain; charset=utf-8 Www-Authenticate: Basic realm=""Restricted"" Date: ... Content-Length: 13 Thus, I removed extra quotes and Realm value is now correctly escaped and wrapped into quotes only once[1]] Www-Authenticate: Basic realm="Restricted" [0]: http://golang.org/pkg/fmt/ [1]: http://en.wikipedia.org/wiki/Basic_access_authentication#Server_side --- basic_auth.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/basic_auth.go b/basic_auth.go index 287d940..6b47857 100644 --- a/basic_auth.go +++ b/basic_auth.go @@ -88,7 +88,7 @@ func (b *basicAuth) authenticate(r *http.Request) bool { // Require authentication, and serve our error handler otherwise. func (b *basicAuth) requestAuth(w http.ResponseWriter, r *http.Request) { - w.Header().Set("WWW-Authenticate", fmt.Sprintf(`Basic realm="%q"`, b.opts.Realm)) + w.Header().Set("WWW-Authenticate", fmt.Sprintf(`Basic realm=%q`, b.opts.Realm)) b.opts.UnauthorizedHandler.ServeHTTP(w, r) }