Merge pull request #195 from l0gicgate/188-patch

Ensure authorization header parsing is case insensitive
slimphp · May 8, 2021 · 0dca983 · 0dca983
2 parents e99324d + 8960be9
commit 0dca983
Showing 1 changed file with 9 additions and 1 deletion.
diff --git a/src/Headers.php b/src/Headers.php
@@ -179,7 +179,15 @@ protected function normalizeHeaderName(string $name, bool $preserveCase = false)
      */
     protected function parseAuthorizationHeader(array $headers): array
     {
-        if (!isset($headers['Authorization'])) {
+        $hasAuthorizationHeader = false;
+        foreach ($headers as $name => $value) {
+            if (strtolower($name) === 'authorization') {
+                $hasAuthorizationHeader = true;
+                break;
+            }
+        }
+
+        if (!$hasAuthorizationHeader) {
             if (isset($this->globals['REDIRECT_HTTP_AUTHORIZATION'])) {
                 $headers['Authorization'] = $this->globals['REDIRECT_HTTP_AUTHORIZATION'];
             } elseif (isset($this->globals['PHP_AUTH_USER'])) {