Closed pboguslawski closed 1 year ago
Describe the bug
According to
https://stackoverflow.com/questions/5258977/are-http-headers-case-sensitive
HTTP header names should be compared in a case-insensitive fashion.
With example input header definition
HeaderSecFetchSite string `header:"sec-fetch-site" required:"true"`
request with
Sec-Fetch-Site: same-origin
throws request validation failure with
"header:sec-fetch-site": [ "missing value" ]
Expected behavior Requests with any of below should be passed:
sec-fetch-site: same-origin Sec-Fetch-Site: same-origin sEc-fEtCh-sitE: same-origin
Good catch, this can be fixed.
Meanwhile, a workaround is to use canonical names:
HeaderSecFetchSite string `header:"Sec-Fetch-Site" required:"true"`
Describe the bug
According to
https://stackoverflow.com/questions/5258977/are-http-headers-case-sensitive
HTTP header names should be compared in a case-insensitive fashion.
With example input header definition
request with
throws request validation failure with
Expected behavior Requests with any of below should be passed: