I am working with an organization who has built an application that is looking for an HTTP header with specific case sensitivity, else their application will reject my vendor embed. Yes, I know that there are RFCs that specifically say that HTTP headers should be treated as case-insensitive. Unfortunately, the way that this organization’s application validates vendor page headers, it requires that the case of the header match their expected string exactly.
My problem is that when I use the netlify.toml
to set the headers on my site, the header is transformed from my setting:
X-AAA-BBB-CCC = "true"
to this in the output:
X-Aaa-Bbb-Ccc: true
Let us make the assumption that this organization is extremely large and bureaucratic, and that my request for their application to handle case insensitivity of the header will fall on deaf ears. So it is up to me to change what I can on my end.
Is there a setting anywhere in my Netlify configuration or account than can be used to force the proper casing of the headers without this transformation?
More details below:
I have a netlify.toml
at the top of my project. It has a header section like the below:
[headers.values]
Cross-Origin-Opener-Policy = "same-origin"
Cross-Origin-Embedder-Policy = "require-corp"
X-AAA-BBB-CCC = "true"
So what happens when I run the following?
curl --verbose https://my-example.netlify.app/
* Trying WWW.XXX.YYY.ZZZ:443...
* Connected to my-example.netlify.app (AAA.BBB.CCC.DDD) port 443
* schannel: disabled automatic use of client certificate
* using HTTP/1.x
> GET / HTTP/1.1
> Host: my-example.netlify.app
> User-Agent: curl/X.Y.Z
> Accept: */*
>
< HTTP/1.1 200 OK
< Accept-Ranges: bytes
< Age: 0
< Cache-Control: public,max-age=0,must-revalidate
< Cache-Status: "Netlify Edge"; fwd=miss
< Content-Length: NNN
< Content-Type: text/html; charset=UTF-8
< Cross-Origin-Embedder-Policy: require-corp
< Cross-Origin-Opener-Policy: same-origin
< Date: Fri, 03 May 2024 10:00:00 GMT
< Etag: "QWERTYUIOPASDFGHJKLZXCVBNM-ssl"
< Server: Netlify
< Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
< X-Aaa-Bbb-Ccc: true
< X-Nf-Request-Id: ASDFGHJKLZXCVBNMQWERTYUIOP
< X-Robots-Tag: noindex
You’ll see in the above response that the two other headers I have in there appear as expected, because they are already in the transformed state. But the problem is that the case sensitive one gets transformed from:
X-AAA-BBB-CCC = "true"
=> X-Aaa-Bbb-Ccc: true
Can this be addressed on Netlify?
Thank you for taking the time to look into my dilemma.