htaccess - Case insensitive header params for API request

admin管理员组

文章数量:1327801

I am making API requests with token based Auth mechanism. Here is example request.

TokenRequest({
     method: 'POST',
     url: {URL HERE},
     headers: {'Authorization': Bearer {token}},
     params: {
        ... params ...
     }
}).then...Handle the rest

The problem is with header param Authorization as per standards it should be case insensitive and almost all JS clients (Fetch, Axios) are converting headers to lowercase therefore it becomes authorization and server expects Authorization (with capital A).

My question is how to make all header params case insensitive? so it can accept params in any case.

I am making API requests with token based Auth mechanism. Here is example request.

TokenRequest({
     method: 'POST',
     url: {URL HERE},
     headers: {'Authorization': Bearer {token}},
     params: {
        ... params ...
     }
}).then...Handle the rest

The problem is with header param Authorization as per standards it should be case insensitive and almost all JS clients (Fetch, Axios) are converting headers to lowercase therefore it becomes authorization and server expects Authorization (with capital A).

My question is how to make all header params case insensitive? so it can accept params in any case.

• htaccess
• rest-api
• server

Share Improve this question asked Jan 29, 2020 at 14:57 Anwer ARAnwer AR 1,0071111 silver badges1919 bronze badges 4

• "...how to make all header params case insensitive?" - Don't you mean "case sensitive" - since that is what your "server" (although I think you mean "script") is expecting? (HTTP request headers are already case insensitive with regards to the "server". eg. Apache) – MrWhite Commented Jan 29, 2020 at 15:21
• Server is case sensitive right now and i want to make it insensitive. I am sending params in lowercase but server needs first letter capital. – Anwer AR Commented Jan 29, 2020 at 16:59
• Is this a WordPress question? WordPress does not support bearer tokens in the REST API, or otherwise, are you trying to use a plugin? Or is this something else? – Tom J Nowell ♦ Commented Jan 29, 2020 at 17:03
• I am using WP.. Auth token is just an example. I wanted to know is there a way to make HTTP headers case insensitive in WP, probably using htaccess, wp-config or something. – Anwer AR Commented Jan 29, 2020 at 19:38

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 1

This would seem to be a "fault" of the way WordPress (the "server") is reading the HTTP request headers. (If they are being read into an associative array without any normalisation then the comparison will naturally be case-sensitive.) This should arguably be "fixed" in WP.

However, it's possible to create a "workaround" in .htaccess and re-create the HTTP request header with the required case. ie. Authorization (with capital A) instead of authorization (all lowercase, or whatever case is passed). However, you would need to do this for each header as required.

For example:

# 1. Save the current value in env var (Case of header name does not matter)
SetEnvIf authorization (.*) HEADER_VALUE=$1

# 2. Delete the current header (Case of header name does not matter)
RequestHeader unset "authorization" env=HEADER_VALUE

# 3. Recreate header with the required case (Case of header name is preserved)
#    env=HEADER_VALUE ensures the header is only set if it was set to begin with
RequestHeader set "Authorization" %{AUTHORIZATION_VALUE}e env=HEADER_VALUE

Any comparison that Apache performs on the headers is case-insensitive, so unset'ing Authorization or AUTHORIZATION will do the same thing. As will reading the value of Authorization or AUTHORIZATION.

You do have to completely unset the header before set'ing that header again in order to preserve the case of the required header name. edit'ing the request header does not edit the name, only the value.

IMO it's a bit "unusual" for these JS libraries to send all lowercase headers when HTTP header convention is to use camel-case, and let the servers canonicalise the request as necessary.

本文标签： htaccessCase insensitive header params for API request