Authorization Header case sensitivity

book

Article ID: 126468

calendar_today

Updated On:

Products

STARTER PACK-7 CA Rapid App Security CA API Gateway

Issue/Introduction



The user noticed a behaviour regarding the Authorization header when it leaves the gateway. We send the request as "Authorization" but when it leaves the gateway it turns to lower case "authorization" and the request fails. 

Is this by design or a bug? 

Environment

Gateway 9.3

Resolution

This is as per design and RFC 2616 spec where headers are designed as case insensitive. Also the APIs responsible of getting the headers to gateway are by default making it smaller case and handing it to Gateway. Hence gateway does not have any control on preserving the source formatting.

Workaround has been given which converts the small letter Header names to Capital Letter using the Transport Properties/Header Properties to transform the Header.