#aleph
2020-01-05
jeaye 01:01:21

I just started seeing aleph start throwing some wonky handshake error on connection: "Invalid handshake response getStatus: 200 OK". After digging into it, I found this: https://github.com/ztellman/aleph/issues/21 which mentioned issues with headers, so I took a look at what my headers were. It turns out, the issue here is the authorization header, but I still have no idea why. The header is this:

{"Authorization" "Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJtSjB2MENCdzF0dUhqT2pYMGpQTE9zY19oMW96WWo5WXQyeEV6SVpGeDV3In0.eyJqdGkiOiI4ZWYwYzY3My1jZjZiLTRjMmQtODQyZS1mZDY1ZjQyMTI1NmEiLCJleHAiOjE1Nzg3OTA0NzIsIm5iZiI6MCwiaWF0IjoxNTc4MTg1NjcyLCJpc3MiOiJodHRwOi8vYXV0aC5va2xldHNwbGF5LmNvbTo4MDgwL2F1dGgvcmVhbG1zL2xldHNiZXQiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiMzlkZWQwODktODIwMi00M2QxLWE4NTgtZTQ3Zjk1ZDU0ZTFiIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoicmVhbC10aW1lLXJlYWQiLCJhdXRoX3RpbWUiOjAsInNlc3Npb25fc3RhdGUiOiIyM2NmZGQ4NC1hMzc1LTRhZTctOTAwNC1jNjNiZWFiMGQxODAiLCJhY3IiOiIxIiwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbIm9mZmxpbmVfYWNjZXNzIiwidW1hX2F1dGhvcml6YXRpb24iXX0sInJlc291cmNlX2FjY2VzcyI6eyJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50IiwibWFuYWdlLWFjY291bnQtbGlua3MiLCJ2aWV3LXByb2ZpbGUiXX19LCJzY29wZSI6InByb2ZpbGUgZW1haWwiLCJjbGllbnRIb3N0IjoiMTcyLjE4LjAuMiIsImNsaWVudElkIjoicmVhbC10aW1lLXJlYWQiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsInByZWZlcnJlZF91c2VybmFtZSI6InNlcnZpY2UtYWNjb3VudC1yZWFsLXRpbWUtcmVhZCIsImNsaWVudEFkZHJlc3MiOiIxNzIuMTguMC4yIiwiZW1haWwiOiJzZXJ2aWNlLWFjY291bnQtcmVhbC10aW1lLXJlYWRAcGxhY2Vob2xkZXIub3JnIn0.llQew9yXjAqajcZXVJz2LgHZN0SsEuRXD3EyW_UCK_vddOPu84_ANElypv1Z9zaa1ffTEuMrs89JyBPBRShh_xMVAAc_QpPRfGas-01Qz4WPwHk4Phs7TMv3VvBwCWRGF4V97ZxmstDs2eTKnR5-NtNiaG-Bzx87ZLHAIUV6sn0bDyhCBX3yOQRg9pPk8KH1fh40NesgRUbQP7CT6ySiT0HzS6s0dvvUdpwk8nmKdMWcoN5EF0UkdeGBcMevCaoMxzpRxU89_NpyUIqT3QKy1x0ulBHySJirRKQr2BnB8WLl25Rj071TYRbSTX5iud7MXyUtc6tQ2j7hBlLUI0TVhw"}

jeaye 01:01:49

(yes, I'm fine sharing that JWT)

jeaye 01:01:58

I thought it was due to length, but it's not. I can have a much longer header and it works fine. However, I've found that various tweaks to this header end up making it work. Note, though:

1. There are no new lines here (Slack's rendering is bad)
2. There is whitespace between Bearer and the token, but other headers (even long ones) with whitespace work fine
3. There are no non-visible chars in there (see below)

user=> (def v "Bearer eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJtSjB2MENCdzF0dUhqT2pYMGpQTE9zY19oMW96WWo5WXQyeEV6SVpGeDV3In0.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.llQew9yXjAqajcZXVJz2LgHZN0SsEuRXD3EyW_UCK_vddOPu84_ANElypv1Z9zaa1ffTEuMrs89JyBPBRShh_xMVAAc_QpPRfGas-01Qz4WPwHk4Phs7TMv3VvBwCWRGF4V97ZxmstDs2eTKnR5-NtNiaG-Bzx87ZLHAIUV6sn0bDyhCBX3yOQRg9pPk8KH1fh40NesgRUbQP7CT6ySiT0HzS6s0dvvUdpwk8nmKdMWcoN5EF0UkdeGBcMevCaoMxzpRxU89_NpyUIqT3QKy1x0ulBHySJirRKQr2BnB8WLl25Rj071TYRbSTX5iud7MXyUtc6tQ2j7hBlLUI0TVhw")
#'user/v
user=> (-> v sort distinct)
(\space \- \. \0 \1 \2 \3 \4 \5 \6 \7 \8 \9 \A \B \C \D \E \F \G \H \I \J \K \L \M \N \O \P \Q \R \S \T \U \V \W \X \Y \Z \_ \a \b \c \d \e \f \g \h \i \j \k \l \m \n \o \p \q \r \s \t \u \v \w \x \y \z)

jeaye 01:01:28

Any ideas?

jeaye 01:01:25

Actually, if I make any change to the value (remove a single space, add a single space, remove or add single chars, lower-casing something, etc), aleph doesn't fail the handshake. Only this exact value does; is aleph doing some JWT validation on its own, which is trying to interpret this string?

jeaye 01:01:17

Ok, crisis averted. The issue was with some other middleware we had. I'm sorry for ever doubting you, aleph.