changeset 5933:2739d3db591f

mod_rest: Normalize case after filtering out non-match Prevents an attempt to index a nil value
author Kim Alvefur <zash@zash.se>
date Sun, 14 Jul 2024 18:01:24 +0200
parents d5e6617e47cc
children 667ce80937fa
files mod_rest/mod_rest.lua
diffstat 1 files changed, 1 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/mod_rest/mod_rest.lua	Sun Jul 14 17:58:48 2024 +0200
+++ b/mod_rest/mod_rest.lua	Sun Jul 14 18:01:24 2024 +0200
@@ -53,10 +53,10 @@
 
 local function check_credentials(request) -- > session | boolean, error
 	local auth_type, auth_data = string.match(request.headers.authorization, "^(%S+)%s(.+)$");
-	auth_type = auth_type:lower();
 	if not (auth_type and auth_data) or not auth_mechanisms:contains(auth_type) then
 		return nil, post_errors.new("noauthz", { request = request });
 	end
+	auth_type = auth_type:lower();
 
 	if auth_type == "basic" then
 		local creds = base64.decode(auth_data);