HttpHeaders#writableHttpHeaders not effective with read-only delegate

[ilgrosso]

As described in https://github.com/spring-cloud/spring-cloud-gateway/issues/3570#issuecomment-2437407696 starting with Spring Boot 3.3.5, we are observing that HttpHeaders#writableHttpHeaders is failing to return a writable instance in case the given headers argument is an instance of Spring Security's org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall.StrictFirewallServerWebExchange.StrictFirewallHttpRequest.StrictFirewallHttpHeaders

This seems to be related to https://github.com/spring-projects/spring-security/commit/0e257b56ce35402558a260ffa6b368982f9a7934

[ilgrosso]

I think it would be enough to cherry-pick https://github.com/spring-projects/spring-framework/commit/ef77b4064fe0cc6da3986059cbeac3f471a8fd92#diff-39bc6ab427a4045bf51ca9822ce9386c3ba11f676d3d47e33b841dc04a7c257bR77 to the branch 6.1.x

[ilgrosso]

Closing here, moving to https://github.com/spring-projects/spring-framework/issues/33795

[rwinch]

@ilgrosso Thanks for the report and correctly linking to the Spring Framework issue. For others, this is a duplicate of https://github.com/spring-projects/spring-security/issues/15989 which is superseded by https://github.com/spring-projects/spring-framework/issues/33789