Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Header fields are not case-insensitive if specified in openapi3 configuration

See original GitHub issue

Version

io.vertx:vertx-web-openapi:4.0.0.CR1

Context

According to https://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2, header field names must be case-insensitive. This is not the case though if you specify the Authorization header in the openapi3 configuration file, using the vertx-web-openapi library.

Do you have a reproducer?

Yes: https://github.com/u6f6o/vertx-web-openapi-header-bug

Steps to reproduce

  1. Start the application, and try
  2. curl --location --request GET 'http://localhost:8080/hello-world' --header 'authorization: fkelwfelwfew'
  3. Check the output of the application (stderr)
  4. Try this call: curl --location --request GET 'http://localhost:8080/hello-world' --header 'Authorization: fkelwfelwfew'

Extra

mac OS Catalina 10.15.7 Java™ SE Runtime Environment (build 14.0.1+7)

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Reactions:1
  • Comments:7 (3 by maintainers)

github_iconTop GitHub Comments

1reaction
u6f6ocommented, Nov 18, 2020

@slinkydeveloper: I built a fat jar on the branch issues/1872 and tested the headers - it worked on all different combinations 👍

1reaction
slinkydevelopercommented, Nov 18, 2020

We decided to not verify the jwt again in the service itself and because of that, I decided back in the days to define it as a “normal” header. Might reconsider this decision though, thx for bringing it up!

Yep that was my concern, If you already checked it somewhere probably you don’t need to check it here too…

I believe though, that this issue is not limited to the Authorization header field. It applied for other fields in my test too (e.g. Foo=123 vs foo=123).

Yeah I think so, seems also an important one.

Read more comments on GitHub >

github_iconTop Results From Across the Web

OpenAPI Specification - Version 3.0.3 - Swagger
All field names in the specification are case sensitive. This includes all fields that are used as keys in a map, except where...
Read more >
Headers properties should be case insensitive. #457 - GitHub
HTTP Header names are case insensitive. Swagger specification enforce to be case sensitive all field names without exceptions.
Read more >
OpenAPI Specification v3.1.0 | Introduction, Definitions, & More
When properly defined via OpenAPI, a consumer can understand and interact with ... All field names in the specification are case sensitive.
Read more >
Using OpenAPI and Swagger UI - Quarkus
Setting it to true will automatically add a default server to the schema if none is provided, using the current running server host...
Read more >
Documentation for the java Generator
discriminatorCaseSensitive, Whether the discriminator value lookup should be case-sensitive or not. This option only works for Java API client ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

RouterBuilder fails to create using local files

Next page

Implement a generic `authentication` api for web-client