Basic auth requires forbidden HTTP_CUSTOM_HEADER

Solo Mornington · December 31, 2019

Hi.

I'd really like to use HTTP Basic Authentication to be able to authenticate with a web server using llHTTPRequest(). Read about it here: https://en.wikipedia.org/wiki/Basic_access_authentication It's also RFC 7617: https://tools.ietf.org/html/rfc7617

The basic auth scheme uses the 'Authorization' header, but it's not the only one. Here's a note on it from Mozilla: https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication#Authentication_schemes

The reason this is an issue is because LSL complains if you try to send a HTTP_CUSTOM_HEADER of 'Authorization'.

Is there any way to get this header unblocked from LSL? Or do I need to write a compatibility layer (meaning: I give up)?

Solo Mornington · January 1, 2020

Well it turns out it's user error, sort of. 🙂

You can copy and paste a string into the LSL editor with a null or tab or whatever. I don't know which it was because I saved over it.

It turns out that this works:

list parameters = [
  HTTP_ACCEPT, "application/json",
  HTTP_CUSTOM_HEADER, "Authorization", "Basic [hash]"
];

Recommended Posts