Authorization Header case sensitivity


Article ID: 126468


Updated On:


STARTER PACK-7 CA Rapid App Security CA API Gateway


The user noticed a behaviour regarding the Authorization header when it leaves the gateway. We send the request as "Authorization" but when it leaves the gateway it turns to lower case "authorization" and the request fails. 

Is this by design or a bug? 


Gateway 9.3


This is as per design and RFC 2616 spec where headers are designed as case insensitive. Also the APIs responsible of getting the headers to gateway are by default making it smaller case and handing it to Gateway. Hence gateway does not have any control on preserving the source formatting.

Workaround has been given which converts the small letter Header names to Capital Letter using the Transport Properties/Header Properties to transform the Header.