hey folks,<br><br>I ran into a funny issue with nginx when working on accepting oauth calls. Nginx is stripping the authorization header out if the field value contains newlines. Http 1.1 guidelines state that this is valid:<br>
<br><br><br>to recreate, do the following:<br>* add $http_authorization to your nginx 'log_format main' clause so you can see what is happening (or print out the headers from wherever nginx proxies the call to)<br>
<br>* run a curl command like this against your nginx server:<br>curl -d '' -H 'Authorization: OAuth realm="",<br> oauth_signature_method="HMAC-SHA1",<br> oauth_signature="RmNuGxdkf6EaU%2Fy4PXgHj07aA3I%3D",<br>
oauth_nonce="49a19e21eebf0",<br> oauth_timestamp="1235328545",<br> oauth_token="some_token",<br> oauth_consumer_key="consumer_key",<br> oauth_version="1.0"' <a href="http://your.server.com">http://your.server.com</a><br>
<br>* you'll see the header value terminated after the first 'OAuth realm="",' <br>* try the same curl command but remove the return characters, and it will work <br><br>the same behavior occurs when I strip out all proxy, compression, and ssl and try to leave a very basic config file. here is some information about nginx:<br>
<br># nginx -V<br>nginx version: nginx/0.6.34<br>built by gcc 4.2.4 (Ubuntu 4.2.4-1ubuntu3)<br>configure arguments: --sbin-path=/usr/sbin --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --with-http_ssl_module --with-http_stub_status_module --add-module=/tmp/src/nginx/modules/nginx-upstream-fair<br>
<br>I'm a bit surprised that I'm seeing this and while I'm starting to suspect nginx I'm sure it is possible that I'm missing something. If this is a valid bug, let me know what you would like in terms of additional documentation, examples, etc.<br>
<br>thank you!<br>Adam<br><br><br>