restlet-framework-java icon indicating copy to clipboard operation
restlet-framework-java copied to clipboard
verified publisher icon restlet

RFC 2616 defines header values as case insensitive, so per default we…

Open notz opened this issue 8 years ago • 4 comments

… should read/write headers values as case insensitive

Currently only the getValues method use case insensitive per default, all other are case sensitive.

This fixes problems behind a nginx reverse proxy, where "X-Forwarded-Proto" header is set as "X-forwarded-proto" (#1191). The X-Forwarded-For is working because it's read in restlet with getValues method.

notz avatar Mar 17 '17 09:03 notz

Hi @notz , this is not so easy to change the default read option as this class is also used elsewhere. I have to check more deeply. I think we can make sure that the framework internally reads the header in the right way. In the cases you read the headers from your own code, is it possible for you to read using the value in the case-insensitive way?

thboileau avatar Apr 22 '17 13:04 thboileau

I know that it's used everywhere. But the problem isn't my application. It's used different in restlet and their modules. That's the correct approach to fix problem. I know it is no small fix, but shouldn't break anything because it's RFC conform.

On Apr 22, 2017 15:23, "Thierry Boileau" [email protected] wrote:

Hi @notz https://github.com/notz , this is not so easy to change the default read option as this class is also used elsewhere. I have to check more deeply. I think we can make sure that the framework internally reads the header in the right way. In the cases you read the headers from your own code, is it possible for you to read using the value in the case-insensitive way?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/restlet/restlet-framework-java/pull/1259#issuecomment-296373014, or mute the thread https://github.com/notifications/unsubscribe-auth/AAqjozsHWlmptlhfEVbJLzOcaCfP9harks5ryf9hgaJpZM4MgYAC .

notz avatar Apr 22 '17 15:04 notz

@jlouvel Any chance to get this into 2.6?

notz avatar Jan 18 '25 23:01 notz

Hi @notz We could tackle this change in version 2.7 which along with 3.0 version will give us the opportunity to change the Restlet API and core behavior as needed, while 2,6 should stay as close as possible to 2.5 to streamline upgrades of production apps to Java 17 and Jakarta. See https://github.com/restlet/restlet-framework-java/wiki/Roadmap

jlouvel avatar Jan 22 '25 00:01 jlouvel