HTTP Basic authentication scheme is only recognized with only first letter capitalized. This causes client credentials sent using HTTP Basic auth to be ignored if the authentication scheme is not exactly written as Basic.
Expected Behavior
HTTP authentication scheme identifier is matched case insensitively, as specified by RFC2617 section 1.2: “It uses an extensible, case-insensitive token to identify the authentication scheme“
Current Behavior
HTTP Basic authentication scheme is only recognized with only first letter capitalized. This causes client credentials sent using HTTP Basic auth to be ignored if the authentication scheme is not exactly written as
Basic
.Expected Behavior
HTTP authentication scheme identifier is matched case insensitively, as specified by RFC2617 section 1.2: “It uses an extensible, case-insensitive token to identify the authentication scheme“