search

freedomofpress / securedrop-client

a Qt-based GUI for SecureDrop journalists 📰🗞️
GNU Affero General Public License v3.0
41 stars 40 forks source link

support duplicate HTTP headers #1780

Open cfm opened 8 months ago

cfm commented 8 months ago

Description

During #1778, I've been reminded that HTTP permits both requests and responses to have duplicated headers—that is, to have multiple values for the same key. We should make that securedrop-proxy supports these cases at least as well as suggested by VCR.py's HeaderDict.

legoktm commented 8 months ago

For prioritization purposes, is there any place we currently use or expect duplicate headers?

reqwest also has a HeaderMap type for this reason (see https://docs.rs/reqwest/latest/reqwest/header/struct.HeaderMap.html#method.get_all), we would need to change the type we serialize to to probably HashMap<String, Vec<String>>.

cfm commented 8 months ago

On Mon, Feb 05, 2024 at 12:09:53PM -0800, Kunal Mehta wrote:

For prioritization purposes, is there any place we currently use or expect duplicate headers?

Nope! Just seemed worth noting this as a compliant thing we don't currently support.