Headers check should be lowercase

Created on 18 December 2024, 2 months ago

Problem/Motivation

In Acquia hosting environments, and potentially others as well, the getHeaders() method returns $headers all in lowercase. This is opposed to other environments which returns them in sentence case. This is causing the "All specified headers present check" to fail even when the headers are present.

Steps to reproduce

1. Have an Acquia hosted site.
2. Verify that X-Frame-Options header is present and set to SAMEORIGIN
3. Run the security review check.
4. The check fails.

Proposed resolution

Make the check case-insensitive.

🐛 Bug report

Status

Active

Version

3.1

Component

Code

Created by

mdranove

Live updates comments and jobs are added and updated live.

Merge Requests

!80Headers check should be lowercase
Open
mdranove
updated 2 months ago

Comments & Activities

Issue created by @mdranove
Comment 2 months ago →
mdranove
Merge request !80Draft: Make headers check case-insensitive. → (Open) created by mdranove
Pipeline finished with Success
2 months ago
Total: 168s
#372814
Comment 18 days ago →
🇺🇸United States smustgrave
So know this ticket and we ended up finding that varnish was the culprit

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024