Slim: [Http] PSR-7 contract violation

spec

// MessageInterface.php

/**
 * Retrieves all message header values.
 *
 * The keys represent the header name as it will be sent over the wire, and
 * each value is an array of strings associated with the header.
 *
 *     // Represent the headers as a string
 *     foreach ($message->getHeaders() as $name => $values) {
 *         echo $name . ": " . implode(", ", $values);
 *     }
 *
 *     // Emit headers iteratively:
 *     foreach ($message->getHeaders() as $name => $values) {
 *         foreach ($values as $value) {
 *             header(sprintf('%s: %s', $name, $value), false);
 *         }
 *     }
 *
 * While header names are not case-sensitive, getHeaders() will preserve the
 * exact case in which headers were originally specified.
 *
 * @return string[][] Returns an associative array of the message's headers. Each
 *     key MUST be a header name, and each value MUST be an array of strings
 *     for that header.
 */
public function getHeaders();

problem

Slim initializes its environment by feeding it the raw $_SERVER superglobal. Later in the request lifecycle, this environment is used to create the headers array for the request object. Unfortunately, when running under a FastCGI execution environment the headers sent by the client are in the format of 'HTTP_FOO_BAR' instead of the original 'Foo-Bar', which violates the PSR-7 contract.

ferfuxsake why do you care?

I am the author of an HMAC HTTP authentication library that aims to work out of the box with any PSR-7 implementation, so in my use case the whole spec is a very hard dependency. I found out this problem while developing and testing a Slim middleware for Psr7Hmac.