APIcast authorising requests when Basic auth credentials are not exact

Solution Unverified - Updated -

Issue

  • Given some valid Basic Authorization credentials: YXBwX2tleTpwYXNzd29yZA== APIcast authorizes requests even if additional characters (that make the base64 format invalid) are appended to the credentials.
    The following request would be successful:

    curl -k "https://apicast-staging.testing:443/" -H "Authorization: Basic YXBwX2tleTpwYXNzd29yZA==foo"

Environment

  • Red Hat 3scale API Management Platform (3scale API Management)
    • SaaS
    • 2 (on-premise)

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content