Hi Edi,
I found a bug in AUTHORIZATION.
If I click the "Authorization" link on the Hunchentoot test page and submit an empty username and password, instead of prompting me again, the server returns `Internal Server Error'.
In this case, the call to SPLIT returns nil, which does not match the DESTRUCTURING-BIND lambda list. My first reaction was simply to rewrite the DESTRUCTURING-BIND to permit a nil username as well as password:
(destructuring-bind (&optional user password) (split ":" (base64:base64-string-to-string (subseq authorization start))) (values user password))
Then, we would get (VALUES NIL NIL), which would seem consistent with the documentation. However, I also realised that AUTHORIZATION will return just nil if the auth header doesn't exist. Should that be documented?
Here's my environment:
* Hunchentoot 0.4.4 (no Apache, no mod_lisp) * latest versions (as of today) of dependencies * LispWorks 4.4.6 * OS X 10.4.8 * Safari 2.0.4 * Firefox 1.5.0.7
Regards,
Mike
P.S. Started migrating our apps from Portable AllegroServe to Hunchentoot this past week. Very pleased with the API and performance. Thanks!
-- Michael J. Forster mike@sharedlogic.ca