diff --git a/CHANGELOG.md b/CHANGELOG.md index 9b018c1feb7f..5f4a4c2f1bb9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,10 @@ This release contains breaking changes. - Plugins migrations. Each plugin can now have its own migration scripts if it needs to store data in your cluster. This is a step forward to improve Kong's pluggable architecture. [#443](https://github.com/Mashape/kong/pull/443) - The Basic Authentication plugin now supports credentials in the `Proxy-Authorization` header. [#460](https://github.com/Mashape/kong/issues/460) +#### Changed + +- Basic Authentication and Key Authentication now require authentication parameters even when the `Expect: 100-continue` header is being sent. [#408](https://github.com/Mashape/kong/issues/408) + ## [0.4.2] - 2015/08/10 #### Added diff --git a/kong/plugins/basicauth/access.lua b/kong/plugins/basicauth/access.lua index ed0a4a0a04fa..f558e7e53903 100644 --- a/kong/plugins/basicauth/access.lua +++ b/kong/plugins/basicauth/access.lua @@ -8,11 +8,6 @@ local PROXY_AUTHORIZATION = "proxy-authorization" local _M = {} -local function skip_authentication(headers) - -- Skip upload request that expect a 100 Continue response - return headers["expect"] and stringy.startswith(headers["expect"], "100") -end - -- Fast lookup for credential retrieval depending on the type of the authentication -- -- All methods must respect: @@ -89,8 +84,6 @@ local function load_credential(username) end function _M.execute(conf) - if skip_authentication(ngx.req.get_headers()) then return end - -- If both headers are missing, return 401 if not (ngx.req.get_headers()[AUTHORIZATION] or ngx.req.get_headers()[PROXY_AUTHORIZATION]) then ngx.ctx.stop_phases = true diff --git a/kong/plugins/keyauth/access.lua b/kong/plugins/keyauth/access.lua index dd58f60244ef..5a96c4e5b482 100644 --- a/kong/plugins/keyauth/access.lua +++ b/kong/plugins/keyauth/access.lua @@ -11,11 +11,6 @@ local MULTIPART_DATA = "multipart/form-data" local _M = {} -local function skip_authentication(headers) - -- Skip upload request that expect a 100 Continue response - return headers["expect"] and stringy.startswith(headers["expect"], "100") -end - local function get_key_from_query(key_name, request, conf) local key, parameters local found_in = {} @@ -116,8 +111,6 @@ local retrieve_credentials = { } function _M.execute(conf) - if skip_authentication(ngx.req.get_headers()) then return end - local key, key_found, credential for _, v in ipairs({ constants.AUTHENTICATION.QUERY, constants.AUTHENTICATION.HEADER }) do key = retrieve_credentials[v](ngx.req, conf)