We've wasted more than 10 hours to find why the headers are not properly going to the server side because we were getting 401 (Unauthorized) error.
We had a header key : authenticationToken in an API at the server side which is expecting this key and from the front end we were sending this key too but after so many trial we had got the same error. We started to find fetch source code and we had found this below function:
function normalizeName(name) {
if (typeof name !== 'string') {
name = String(name)
}
if (/[^a-z0-9\-#$%&'*+.^_`|~]/i.test(name))
{
throw new TypeError('Invalid character in header field name')
}
return name.toLowerCase ()
}
Fetch converts all the headers to lowercase which is against the security. In every situation a KEY needs to maintain its case sensitivity but to use fetch we have had to change our server side code to make it case insensitive.
Hence, we think it is a big issue and needs to be rectified. Please take a look into it ASAP.
Thanks for the issue @indranildutta06.
HTTP header fields are case insensitive, as per RFC2616. To quote the RFC (emphasis added):
Each header field consists of a name followed by a colon (":") and the field value. Field names are case-insensitive.
Similarly the fetch spec and the Headers class also mentions the same case-insensitivity. As we're tied to that spec, we can't make any changes to this code without that spec changing.
If your server is expecting fields to be case sensitive you might want to look into that instead.
I'll close this issue for now, as we won't be able to make any changes unless the Fetch spec changes. Let us know if you run into any more issues though and we'll be happy to discuss them 馃槂
I've created #737 since I don't think it was understood at the time this issue was closed that the actual fetch method does not lowercase headers as they are sent to the server.
While I understand the logic that @indranildutta06 should fix the server (and I agree, the server is not following the standard), to truly be a polyfill, this project would need to replicate the spec and functionality of the real fetch method.
Hi,
Thank you for understanding this issue. I hope the polyfill will be updated
soon.
Most helpful comment
Thanks for the issue @indranildutta06.
HTTP header fields are case insensitive, as per RFC2616. To quote the RFC (emphasis added):
Similarly the fetch spec and the
Headersclass also mentions the same case-insensitivity. As we're tied to that spec, we can't make any changes to this code without that spec changing.If your server is expecting fields to be case sensitive you might want to look into that instead.
I'll close this issue for now, as we won't be able to make any changes unless the Fetch spec changes. Let us know if you run into any more issues though and we'll be happy to discuss them 馃槂