Custom header with undercore is been normilize to a header without it

[ocalvet]

When I configure the allow headers to the following:

AllowedHeaders:   []string{"Accept", "Authorization", "Content-Type", "X-CSRF-Token", "contact_id"},

Then I send a request from my react client using the contact_id header on the request I get the following error in the debug log:

Preflight aborted: headers '[Contactid]' not allowed

When I check the code it looks like parseHeaderList function in the utils.go file is removing the underscores from the header list.

Why is this the default behavior?

[Ariel-dono]

https://httpwg.org/specs/rfc7230.html#rule.token.separators

[Ariel-dono]

https://github.com/rs/cors/pull/103

[ted-marozzi]

This should be fixed now for those from the future

[pkieltyka]

Thanks for the fix Ted