google / tsunami-security-scanner

Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
Apache License 2.0

Unknown problems will occur if header Name is forced to lowercase #90

Closed hh-hunter closed 2 years ago

hh-hunter commented 3 years ago

https://github.com/google/tsunami-security-scanner/blob/8ed1756b0a6760318afd843fd1f3a1fad00e5cb6/common/src/main/java/com/google/tsunami/common/net/http/HttpHeaders.java#L146

It should not be forced to all lower case. Some websites will judge the case of fields in the header name, such as GitLab.

hh-hunter commented 3 years ago

I think an optional parameter can be provided.
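
One way to get the behaviour requested in this thread, as an added example that is not Tsunami's own code: a hypothetical `CasePreservingHeaders` class that looks names up case-insensitively but writes them with the caller's spelling, with a `forceLowercase` switch standing in for the optional parameter suggested above. The class, its methods and the sample header name are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

/** Hypothetical header container: case-insensitive lookup, original spelling kept for the wire. */
public final class CasePreservingHeaders {
  // Key: lower-cased name, used only for lookup. Value: entry holding the caller's spelling.
  private final Map<String, Entry> entries = new LinkedHashMap<>();

  private static final class Entry {
    final String wireName;
    final List<String> values = new ArrayList<>();
    Entry(String wireName) { this.wireName = wireName; }
  }

  public CasePreservingHeaders add(String name, String value) {
    // Locale.ROOT keeps the lookup key stable regardless of the JVM's default locale.
    String key = name.toLowerCase(Locale.ROOT);
    // The first spelling seen wins, so differently cased duplicates merge into one field.
    entries.computeIfAbsent(key, k -> new Entry(name)).values.add(value);
    return this;
  }

  /** Case-insensitive read, matching how RFC 7230 section 3.2 defines field names. */
  public List<String> get(String name) {
    Entry e = entries.get(name.toLowerCase(Locale.ROOT));
    return e == null ? List.of() : List.copyOf(e.values);
  }

  /** Renders HTTP/1.1 header lines; forceLowercase restores the all-lower-case behaviour. */
  public String toWireFormat(boolean forceLowercase) {
    StringBuilder sb = new StringBuilder();
    entries.forEach((key, e) -> {
      String name = forceLowercase ? key : e.wireName;
      for (String v : e.values) sb.append(name).append(": ").append(v).append("\r\n");
    });
    return sb.toString();
  }

  public static void main(String[] args) {
    // Constructed sample values, not taken from the issue.
    CasePreservingHeaders h = new CasePreservingHeaders()
        .add("X-Custom-Token", "abc")
        .add("x-custom-token", "def");
    System.out.print(h.toWireFormat(false)); // caller's spelling on the wire
    System.out.print(h.toWireFormat(true));  // lower-cased spelling on the wire
    System.out.println(h.get("X-CUSTOM-TOKEN"));
  }
}
```

Keeping the lower-cased key internal means plugin code that reads headers still matches any spelling, while the request sent to a case-sensitive target carries the name as written. HTTP/2 requires lower-case field names, so the preserved spelling only applies to HTTP/1.1 output.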