diff --git a/Tests/HttpUnitTests/HttpListenerRequestTests.cs b/Tests/HttpUnitTests/HttpListenerRequestTests.cs
new file mode 100644
index 0000000..1202d74
--- /dev/null
+++ b/Tests/HttpUnitTests/HttpListenerRequestTests.cs
@@ -0,0 +1,34 @@
+//
+// Copyright (c) .NET Foundation and Contributors
+// See LICENSE file in the project root for full license information.
+//
+
+
+using System.Net;
+using nanoFramework.TestFramework;
+
+namespace HttpUnitTests
+{
+ internal class HttpListenerRequestTests
+ {
+ // Verifies that malformed Authorization header (no space) does not cause a crash
+ [TestMethod]
+ public void Add_Authorization_NoSpaceMultipleChars_ShouldNotThrow()
+ {
+ var headers = new WebHeaderCollection();
+ headers.Add("Authorization: a111111");
+ string value = headers["Authorization"];
+ Assert.AreEqual("a111111", value);
+ }
+
+ // Verifies that a properly formatted Authorization header (with space) is parsed and stored correctly
+ [TestMethod]
+ public void Add_Authorization_ValidBasicToken_ShouldSucceed()
+ {
+ var headers = new WebHeaderCollection();
+ headers.Add("Authorization: Basic dXNlcjpwYXNz");
+ string value = headers["Authorization"];
+ Assert.AreEqual("Basic dXNlcjpwYXNz", value);
+ }
+ }
+}
diff --git a/Tests/HttpUnitTests/HttpUnitTests.nfproj b/Tests/HttpUnitTests/HttpUnitTests.nfproj
index 7e9aa7f..b67072a 100644
--- a/Tests/HttpUnitTests/HttpUnitTests.nfproj
+++ b/Tests/HttpUnitTests/HttpUnitTests.nfproj
@@ -26,6 +26,7 @@
+
diff --git a/nanoFramework.System.Net.Http/Http/System.Net.HttpListenerRequest.cs b/nanoFramework.System.Net.Http/Http/System.Net.HttpListenerRequest.cs
index c959518..54d9c6d 100644
--- a/nanoFramework.System.Net.Http/Http/System.Net.HttpListenerRequest.cs
+++ b/nanoFramework.System.Net.Http/Http/System.Net.HttpListenerRequest.cs
@@ -1,4 +1,4 @@
-//
+//
// Copyright (c) .NET Foundation and Contributors
// Portions Copyright (c) Microsoft Corporation. All rights reserved.
// See LICENSE file in the project root for full license information.
@@ -206,21 +206,26 @@ internal void ParseHTTPRequest()
if (headerName == "authorization")
{
int sepSpace = headerValue.IndexOf(' ');
- string authType = headerValue.Substring(0, sepSpace);
- if (authType.ToLower() == "basic")
+ // Authorization header value must contain an auth scheme followed by a space and its parameter(s), e.g. "Basic xxx" or "Bearer xxx". If not, ignore.
+ if (sepSpace > 0)
{
- string authInfo = headerValue.Substring(sepSpace + 1);
- // authInfo is base64 encoded username and password.
- byte[] authInfoDecoded = Convert.FromBase64String(authInfo);
- char[] authInfoDecChar = System.Text.Encoding.UTF8.GetChars(authInfoDecoded);
- string strAuthInfo = new string(authInfoDecChar);
- // The strAuthInfo comes in format username:password. Parse it.
- int sepColon = strAuthInfo.IndexOf(':');
- if (sepColon != -1)
+ string authType = headerValue.Substring(0, sepSpace);
+ if (authType.ToLower() == "basic")
{
- m_NetworkCredentials = new NetworkCredential(strAuthInfo.Substring(0, sepColon), strAuthInfo.Substring(sepColon + 1));
+ string authInfo = headerValue.Substring(sepSpace + 1);
+ // authInfo is base64 encoded username and password.
+ byte[] authInfoDecoded = Convert.FromBase64String(authInfo);
+ char[] authInfoDecChar = System.Text.Encoding.UTF8.GetChars(authInfoDecoded);
+ string strAuthInfo = new string(authInfoDecChar);
+ // The strAuthInfo comes in format username:password. Parse it.
+ int sepColon = strAuthInfo.IndexOf(':');
+ if (sepColon != -1)
+ {
+ m_NetworkCredentials = new NetworkCredential(strAuthInfo.Substring(0, sepColon), strAuthInfo.Substring(sepColon + 1));
+ }
}
}
+
}
}