Preserve case of user-provided http headers in request node

Fixes #3081
2025-03-01 10:36:34 +00:00 · 2021-07-23 09:55:32 +01:00
parent 775181f761
commit 6e69cfbca4
2 changed files with 56 additions and 1 deletions
--- a/packages/node_modules/@node-red/nodes/core/network/21-httprequest.js
+++ b/packages/node_modules/@node-red/nodes/core/network/21-httprequest.js
@@ -171,8 +171,23 @@ in your Node-RED user directory (${RED.settings.userDir}).
                    opts.timeout = msg.requestTimeout;
                }
            }
+            const originalHeaderMap = {};

            opts.hooks = {
+                beforeRequest: [
+                    options => {
+                        // Whilst HTTP headers are meant to be case-insensitive,
+                        // in the real world, there are servers that aren't so compliant.
+                        // GOT will lower case all headers given a chance, so we need
+                        // to restore the case of any headers the user has set.
+                        Object.keys(options.headers).forEach(h => {
+                            if (originalHeaderMap[h] && originalHeaderMap[h] !== h) {
+                                options.headers[originalHeaderMap[h]] = options.headers[h];
+                                delete options.headers[h];
+                            }
+                        })
+                    }
+                ],
                beforeRedirect: [
                    (options, response) => {
                        let redirectInfo = {
@@ -283,7 +298,7 @@ in your Node-RED user directory (${RED.settings.userDir}).
                            })
                            if (normalisedHeaders['www-authenticate']) {
                                let authHeader = buildDigestHeader(digestCreds.user,digestCreds.password, options.method, requestUrl.pathname, normalisedHeaders['www-authenticate'])
-                                options.headers.authorization = authHeader;
+                                options.headers.Authorization = authHeader;
                            }
                            sentCreds = true;
                            return retry(options);
@@ -439,6 +454,14 @@ in your Node-RED user directory (${RED.settings.userDir}).
                    opts.https = { rejectUnauthorized: msg.rejectUnauthorized };
                }
            }
+
+            // Now we have established all of our own headers, take a snapshot
+            // of their case so we can restore it prior to the request being sent.
+            if (opts.headers) {
+                Object.keys(opts.headers).forEach(h => {
+                    originalHeaderMap[h.toLowerCase()] = h
+                })
+            }
            got(url,opts).then(res => {
                msg.statusCode = res.statusCode;
                msg.headers = res.headers;