Pending Review
Last Updated: 13 Jan 2021 00:12 by Eric
Created on: 12 Jan 2021 23:53
Type: Bug Report
Fiddler incorrectly strips Authorization header if it happens to contain the letters NTLM


Basically, the problem here is that if we're AutoAuthenticating when reissuing a request, we try to strip any default Auth header.


There's code that looks like


    if (theFlags.ContainsKey("x-AutoAuth") && newSession.requestHeaders["Authorization"].OICContains("NTLM"))
    {
        // ... strip the header
    }

The problem is that we should only be looking at the very first token of the Authorization header (e.g. before the first space). We should not search the whole header, because if the header is


    Authorization: Bearer BlahblahblahNtLMblahblah


we think it's an NTLM header and strip it. 


1 comment
Posted on: 13 Jan 2021 00:12

The fix is pretty simple, just use the TrimAfter method:

    string sAuthMethod = Utilities.TrimAfter(newSession.requestHeaders["Authorization"], ' ');
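
The difference between the two checks discussed above, as an added example that is not Fiddler's code: it runs a whole-value substring search and a scheme-token comparison over the same header values. The class and method names and the sample headers are constructed for illustration, and Fiddler's own `OICContains` and `TrimAfter` helpers are not used.

```csharp
using System;

static class AuthSchemeCheck
{
    // Shape of the check in the report: case-insensitive substring search
    // over the whole header value, credentials included.
    static bool LooksLikeNtlmSubstring(string header) =>
        header != null && header.IndexOf("NTLM", StringComparison.OrdinalIgnoreCase) >= 0;

    // The auth scheme is the first token of the value: everything before the first space.
    static string GetAuthScheme(string header)
    {
        if (string.IsNullOrWhiteSpace(header)) return string.Empty;
        string trimmed = header.TrimStart();
        int space = trimmed.IndexOf(' ');
        return space < 0 ? trimmed : trimmed.Substring(0, space);
    }

    // Compare only the scheme token, so token contents can never match.
    static bool IsNtlmScheme(string header) =>
        string.Equals(GetAuthScheme(header), "NTLM", StringComparison.OrdinalIgnoreCase);

    static void Main()
    {
        // Constructed sample header values (not captured traffic).
        string[] samples =
        {
            "Bearer BlahblahblahNtLMblahblah",   // header from the report
            "Bearer abc.xxntlmxx.def",           // lower-case match inside a token
            "NTLM TlRMTVNTUAABAAAA",             // genuine NTLM scheme
            "ntlm",                              // scheme only, no credentials
            "",                                  // no Authorization header
        };

        foreach (string h in samples)
        {
            Console.WriteLine(
                $"{h,-34} substring={LooksLikeNtlmSubstring(h),-5} scheme={IsNtlmScheme(h)}");
        }
    }
}
```

Only the two `Bearer` rows disagree between the columns, which are the cases where the substring check would strip a header that is not NTLM.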