0

Dart fails to parse the www-authenticate response header.

For example: The result of curl -i -X POST https://api.thetvdb.com/login is:

HTTP/2 401 
date: Mon, 29 Jul 2019 09:15:50 GMT
content-type: application/json; charset=utf-8
content-length: 26
set-cookie: __cfduid=d0a0c5ee3934fe0f08c3ddd136ab53e471564391749; expires=Tue, 28-Jul-20 09:15:49 GMT; path=/; domain=.thetvdb.com; HttpOnly
vary: Accept-Language
www-authenticate: JWT realm=jwt auth
x-powered-by: Thundar!
x-thetvdb-api-version: 2.2.0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 4fddfd9498b5c2c2-FRA

{"Error":"Not authorized"}

When I try to run the same using dart, I get an exception

import 'dart:io';

Future main() async {
  var httpClient = HttpClient();
  var request = await httpClient.postUrl(Uri.parse('https://api.thetvdb.com/login'));
  await request.close();
  httpClient.close();
}

HttpException: Failed to parse header value
#0      _HeaderValue._parse.expect (dart:_http/http_headers.dart:684:9)
#1      _HeaderValue._parse.parseParameters (dart:_http/http_headers.dart:764:15)
#2      _HeaderValue._parse (dart:_http/http_headers.dart:773:20)
#3      _HeaderValue.parse (dart:_http/http_headers.dart:626:12)
#4      _HttpClientResponse._authenticate (dart:_http/http_impl.dart:476:22)
#5      _HttpClientRequest._onIncoming (dart:_http/http_impl.dart:1093:25)
#6      _HttpClientConnection.send.<anonymous closure>.<anonymous closure> (dart:_http/http_impl.dart:1741:17)
#7      _RootZone.runUnary (dart:async/zone.dart:1379:54)
#8      _FutureListener.handleValue (dart:async/future_impl.dart:126:18)
#9      Future._propagateToListeners.handleValueCallback (dart:async/future_impl.dart:639:45)
#10     Future._propagateToListeners (dart:async/future_impl.dart:668:32)
#11     Future._completeWithValue (dart:async/future_impl.dart:483:5)
#12     Future._asyncComplete.<anonymous closure> (dart:async/future_impl.dart:513:7)
#13     _microtaskLoop (dart:async/schedule_microtask.dart:41:21)
#14     _startMicrotaskLoop (dart:async/schedule_microtask.dart:50:5)
#15     _Timer._runTimers (dart:isolate-patch/timer_impl.dart:391:30)
#16     _Timer._handleMessage (dart:isolate-patch/timer_impl.dart:416:5)
#17     _RawReceivePortImpl._handleMessage (dart:isolate-patch/isolate_patch.dart:172:12)

Is there any way around this? I don't know if the header value is valid or not, but it seems to be that even in case of an invalid response header callers should be able to get the 401 response back and not end up with an exception.

Am I doing something wrong?

Thanks, Itay

Itay Karo
  • 17,924
  • 4
  • 40
  • 58
  • I am quite sure that the www-authenticate field has a syntax error compare to the RFC for the field. For a workaround, could you catch the exception or do you need to use the returned HttpClientRequest? – julemand101 Jul 31 '19 at 10:38
  • @julemand thanks, in some cases I do need do be able to pull data out of the response. I wonder if it makes sense to complete the response parsing even in such cases given that many times callers can do nothing to fix the server. – Itay Karo Jul 31 '19 at 11:00

0 Answers0