Upcase Authorization header to fix HTTP Basic Auth #804
Conversation
|
hasHeader is caseless. we set the auth header lowercase on purpose because most node programms check and validate lowercase headers. any server that doesn't support lowercase headers is in violation of the http spec. if you have to support one you can set the header yourself with the case you want and we won't clobber it but i'm not going to change the default because most people checking in node code will check against the lowercase one. |
|
@mikeal It appears that you are correct with regard to the header spec. The RFC that I read prior to issuing the PR was specific to HTTP authorization, and listed the auth header capitalized throughout. However, after reading your response I did some more research and found this document, which clearly states that headers are case-insensitive. Thanks for making this lib, btw. |
|
Thanks for using it and engage with the project :) While the spec says that headers are caseless there are still servers (Hacker News among them) that routinely violate that part of the spec and have to be dealt with on a case-by-case basis. |
Some web servers are particularly sensitive to proper casing with the HTTP Authorization header. This PR fixes that problem by changing the header from
authorizationtoAuthorization. All tests were passing without modification.