APIcast authorising requests when Basic auth credentials are not exact
Issue
-
Given some valid Basic Authorization credentials:
YXBwX2tleTpwYXNzd29yZA==
APIcast authorizes requests even if additional characters (that make the base64 format invalid) are appended to the credentials.
The following request would be successful:curl -k "https://apicast-staging.testing:443/" -H "Authorization: Basic YXBwX2tleTpwYXNzd29yZA==foo"
Environment
- Red Hat 3scale API Management Platform (3scale API Management)
- SaaS
- 2 (on-premise)
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.