search

swaggest / rest

Web services with OpenAPI and JSON Schema done quick in Go
https://pkg.go.dev/github.com/swaggest/rest
MIT License
362 stars 17 forks source link

Header names case sensitivity #119

Closed pboguslawski closed 1 year ago

pboguslawski commented 1 year ago

Describe the bug

According to

https://stackoverflow.com/questions/5258977/are-http-headers-case-sensitive

HTTP header names should be compared in a case-insensitive fashion.

With example input header definition

HeaderSecFetchSite string `header:"sec-fetch-site" required:"true"`

request with

Sec-Fetch-Site: same-origin

throws request validation failure with

"header:sec-fetch-site": [
      "missing value"
    ]

Expected behavior Requests with any of below should be passed:

sec-fetch-site: same-origin
Sec-Fetch-Site: same-origin
sEc-fEtCh-sitE: same-origin
vearutop commented 1 year ago

Good catch, this can be fixed.

Meanwhile, a workaround is to use canonical names:

HeaderSecFetchSite string `header:"Sec-Fetch-Site" required:"true"`