Closed peterjosling closed 10 years ago
Another one of the fun quirks about HTTP, clients are allowed to mix header case in requests, and the server is supposed ignore case.
This portion of the code is actually in XHook and was added by this PR: https://github.com/jpillora/xhook/issues/16
We can either remove this code or
we could "pretty print" headers, that is, my-header
becomes My-Header
.
@gasi Can you comment on this?
Also, another thing that needs to be confirmed, which I can do when I get home, is: Can multiple headers of the same name be set? I'm quite sure this is allowed in the spec? Can all browsers do this? Because at the moment, I'm storing headers in an object which would only allow unique headers.
So, when we do:
xhr.setRequestHeader('foo-BAR', 42);
xhr.setRequestHeader('FOO-bar', 21);
In latest chrome it sends (lowercase key, both values)
foo-bar:42, 21
whereas on latest firefox, it sends (lowercase key, last value)
foo-bar:21
Same test, though with authentication header:
xhr.setRequestHeader('AUTHORization', 42);
xhr.setRequestHeader('AuthorIZATION', 21);
chrome (no lowercasing - uses the initial key and both values)
AUTHORization:42, 21
firefox (forces capital A and uses last value)
Authorization:21
And there is still safari, android browser, etc to test... Maybe the simplest solution for now is to just force capital Authorization
?
(edit1: tested Authorization
inplace of Authentication
- same results)
edit2: Safari sends same as chrome (behaviour inherited from WebKit I presume):
AUTHORization:42, 21
Created an issue on the XHook repo https://github.com/jpillora/xhook/issues/21, please place all further comments relating to this there
All request headers are converted to lowercase before sending - which in theory shouldn't be an issue as headers are case insensitive. However, I have to work with an API which requires an 'Authorization' header with a capital A, which I'm unable to send with this library (but was previously with standard jQuery).
Native XMLHttpRequest doesn't lowercase headers, so this shouldn't either?