request headers are not being normalized and overrides not respected

[knksmith57]

Currently, when a request is setup and the default headers are merged into the request-specific ones, no normalization is being performed.

This is problematic because, per RFC2616, request headers are case-insensitive. The result is that header overrides are not respected and duplicate headers with the same field name (of mixed casing) but different values could be sent in the request.

For example:

needle.get('http://example.com', {headers: {'user-agent': 'not going to work'}})

will result in the following config.headers object:

{
  Accept: '*/*,
  User-Agent: ''Needle/x.x.x (Node.js vx.x.x; <platform> <arch>)",
  user-agent: "not going to work"
}

where the expected object would be:

{
  Accept: '*/*,
  user-agent: "not going to work"
}

I think the simplest solution would be to do the following:

1. move the header overrides down below the basic/digest auth section (ie: to ~ line 235) and ensure the header key is lowercased:

     for (var h in options.headers)
       config.headers[h.toLowerCase()] = options.headers[h];
   

2. add the following directly above the overrides:

     for (var h in config.headers)
       config.headers[h] = String(config.headers[h]).toLowerCase();
   

This tracks the current time complexity and ensures overrides are respected.

[tomas]

Good point. I'll take a look at this now.

[knksmith57]

@tomas hey sir, not sure if you had a chance to take a look at this yesterday. Did you want me to work a PR right quick? Happy to help!

[tomas]

Yes! A PR would certainly help. I'm out of town at the moment so much slower than usual. :)

[tomas]

This just landed in d227ef4. I ended up changing all header logic to lowercase!

Thanks again mate.