如何处理HTTP请求标头中的非ASCII字符? [英] How to handle non-ascii characters in HTTP request header?

问题描述

在我们的应用程序中，我们将密码作为标头的一部分发送到我们的auth服务.但是，我们遇到了这样一种情况，用户正在使用非ASCII字符作为其密码的一部分，而我发现HTTP不支持非ASCII字符.

In our application, we are sending passwords as part of the header for authentication to our auth service. However, we're running into a situation where users are using non-ascii characters as part of their password, and I found out that non-ascii characters are not supported in HTTP.

有什么方法可以解决这个问题?

What are some approaches to handling this?

推荐答案

您需要以ASCII兼容格式对其进行编码.

You need to encode it in an ASCII compatible format.

Base 64 就是这种编码.

以下是他们如何使用Base 64为 HTTP基本身份验证的示例.编码.

Here is an exemple of how they did it for the HTTP Basic Authentication using Base 64 encoding.

授权字段的构造如下:

The Authorization field is constructed as follows:

• 用户名和密码用单个冒号(:)组合.这意味着用户名本身不能包含冒号.
• 结果字符串被编码为一个八位字节序列.默认情况下，用于此编码的字符集是未指定的，只要它与US-ASCII兼容即可，但是服务器可以通过发送charset参数来建议使用UTF-8.
• 结果字符串使用Base64的变体进行编码.
• 然后将授权方法和空格(例如"Basic")添加到已编码的字符串之前.

例如，如果浏览器使用 Aladdin 作为用户名，并使用 OpenSesame 作为密码，则该字段的值将是 Aladdin:OpenSesame的base64编码.或 QWxhZGRpbjpPcGVuU2VzYW11l .然后，授权标头将显示为:

For example, if the browser uses Aladdin as the username and OpenSesame as the password, then the field's value is the base64-encoding of Aladdin:OpenSesame, or QWxhZGRpbjpPcGVuU2VzYW1l. Then the Authorization header will appear as:

Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l 

因此，假设您的密码为 ǁǂǃDŽDždžLJLjljNJNjnjǍǎǏǐǑǒǓǔǕǖǗǘǙǚǛǜǝǞǟ ，该密码无法使用ASCII字符集表示.

So let's say your password is ǁǂǃDŽDždžLJLjljNJNjnjǍǎǏǐǑǒǓǔǕǖǗǘǙǚǛǜǝǞǟ, which cannot be represented using the ASCII charset.

这是一些伪代码，向您展示如何操作

Here is some pseudo code showing you how to do it

var password = 'ǁǂǃDŽDždžLJLjljNJNjnjǍǎǏǐǑǒǓǔǕǖǗǘǙǚǛǜǝǞǟ'
var base64EncodedPassword = base64Encode(password)

var httpHeader = new HttpHeader('Password', base64EncodedPassword)

这将导致以下标题.仅使用ASCII字符表示

And it would results in the following header. Represented using only ASCII char

Password: x4HHgseDx4THhceGx4fHiMeJx4rHi8eMx43HjsePx5DHkceSx5PHlMeVx5bHl8eYx5nHmsebx5zHnceex58=

这篇关于如何处理HTTP请求标头中的非ASCII字符?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！