Something is messing with authorization headers

Hi,

I’ve got a python script which sends a customised status back to gitea from a drone build. The script works perfectly from its container outside the context of a drone runner, but if the script is run within a drone build the “authorization” header is getting modified.

The script sets the header as:

{'Authorization': 'token 42_this_is_my_token_8b'}

However when I tcpdump the incoming http connection to gitea I get this from my script:

User-Agent: python-requests/2.25.1
Authorization: Basic ZXl_base64_encoded_data_Yw==

The base64 decoded data in the basic authorization header contains:

eyJh_the_oauth_token_the_other_requests_are_using_jpw:x-oauth-basic

The oauth token matches the other requests drone is sending into my gitea install, so the conclusion I’ve come to is that the drone runner context is somehow messing with the headers on my outgoing requests.

Am I being paranoid or have I missed something?

Thanks,

Peter

@pfarmer,

Could you please share the script that you are using to create/pass the authorization header, so that we can review and suggest?

Regards,
Harness Support

Hi,

The repo can be cloned from here:

The script is expecting a secret to be available called gitea_pat which is a gitea personal access token.

It should produce output like this:

latest: Pulling from geekycode/python-generic
Digest: sha256:2de8098faf74ffca020d71b928a95ee108a53205de94562bd1f48bdaa6d445fb
Status: Image is up to date for geekycode/python-generic:latest
+ ./success.py
{'Content-Type': 'application/json', 'Authorization': 'token ******', 'X-Script-name': 'success.py'}
403
{'User-Agent': 'python-requests/2.25.1', 'Accept-Encoding': 'gzip, deflate', 'Accept': '*/*', 'Connection': 'keep-alive', 'Content-Type': 'application/json', 'Authorization': 'Basic ZX_base_64_encoded_string_Yw==', 'X-Script-name': 'success.py', 'Content-Length': '159'}

Thanks,

Peter
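
Added example, not part of the thread and not the poster's or Drone's code: python-requests, when no `auth=` argument is given and `trust_env` is left at its default, looks up the target host in a netrc file and, if an entry exists, replaces any `Authorization` header with Basic credentials built from it. The check below tests whether a captured `Basic` header matches a netrc entry; that the build step has such an entry is an assumption, and the hostname, token and path are constructed placeholders.

```python
import base64
import netrc
import os
import tempfile
from urllib.parse import urlsplit


def decode_basic(header_value):
    """Split 'Basic <b64>' into (user, password); None if not Basic auth."""
    scheme, _, blob = header_value.partition(" ")
    if scheme.lower() != "basic":
        return None
    user, _, password = base64.b64decode(blob).decode("utf-8").partition(":")
    return user, password


def basic_from_netrc(url, netrc_path):
    """Return the Basic header a netrc entry for url's host would produce."""
    entry = netrc.netrc(netrc_path).authenticators(urlsplit(url).hostname)
    if entry is None:
        return None  # no entry for this host, so nothing to inject
    login, _account, password = entry
    raw = f"{login}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def header_comes_from_netrc(observed, url, netrc_path):
    """True when the header seen on the wire equals the netrc-derived one."""
    return observed == basic_from_netrc(url, netrc_path)


def demo():
    # Constructed sample data: host, token and API path are placeholders.
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "w") as fh:
        fh.write("machine gitea.example.test login SAMPLE_OAUTH_TOKEN "
                 "password x-oauth-basic\n")
    # Stands in for the header captured with tcpdump.
    captured = "Basic " + base64.b64encode(
        b"SAMPLE_OAUTH_TOKEN:x-oauth-basic").decode("ascii")
    url = "https://gitea.example.test/api/v1/repos/o/r/statuses/abc"
    try:
        return (decode_basic(captured),
                header_comes_from_netrc(captured, url, path),
                header_comes_from_netrc("token SAMPLE_PAT", url, path),
                basic_from_netrc("https://other.example.test/", path))
    finally:
        os.unlink(path)
```

If the captured header matches, setting `trust_env = False` on a `requests.Session`, or passing an explicit `auth=` callable that sets the `token` header, stops requests from consulting netrc for that call.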