Handle invalid strings in authorization headers
What does this MR do?
When using git-over-http the GitHttpClientController would try to look up the user or token read from the Authorization headers.
If one of those headers would contain a base64 encoded null-byte, this would result in an ArgumentError.
This adds support for that to the middleware by decoding the authorization headers and validating them beforehand.
It will also avoid trying to decode non-base64 encoded headers, and instead validate the content without as-is.
This reverts commit 44cebe45.
Part of !46985 (merged)
Reintroduces !46985 (merged)
Does this MR meet the acceptance criteria?
Conformity
-
Changelog entry - [-] Documentation (if required)
-
Code review guidelines -
Merge request performance guidelines -
Style guides -
Database guides -
Separation of EE specific content
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. -
Tested in all supported browsers - [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Edited by Bob Van Landuyt