This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Apigee X (actually GCP LBs) convert header names to lowercase

Posted on 09-08-2021 12:39 PM
kurtkanaskie
Staff
Reply posted on --/--/---- --:-- AM

GCP HTTP(S) Load Balancers convert HTTP/1.1 header names to lowercase in the request and response directions. See: https://cloud.google.com/load-balancing/docs/https/#target-proxies and search for "lowercase".

The HTTP/1.1 specification states that header names are case-insensitive, so this behavior should not affect existing backend APIs. However, if your backend API does expect a case-sensitive header name (e.g. Authorization) you can work around this in Apigee by creating a simple Assign Message:

 

 

 

<AssignMessage async="false" continueOnError="false" enabled="true" name="AM-case-sensitive-authorization">
    <DisplayName>AM-case-sensitive-authorization</DisplayName>
    <AssignVariable>
        <Name>save_auth</Name>
        <Ref>request.header.authorization</Ref>
    </AssignVariable>
    <Remove>
        <Headers>
            <Header name="Authorization"/>
        </Headers>
    </Remove>
    <Set>
        <Headers>
            <Header name="Authorization">{save_auth}</Header>
        </Headers>
    </Set>
</AssignMessage>

 

 

 

Note that just using Set Header does not work when the request already has an "authorization" header, as would be the case in a simple pass through proxy.

Hope this helps!

 

1 2 1,124
Topic Labels
2 REPLIES 2

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

Kurt, this is a handy tip.  Did you find a system that does not comply with the HTTP spec and expects case-sensitive headers? if so, can you tell us anything more about that target system?  Is it built on a well-known and perhaps widely-used library or platform?  Can you "name names"?  Or is it a special one-off? 

0 Likes

Posted on --/--/---- --:-- AM
kurtkanaskie
Staff
In response to dchiesa1
Reply posted on --/--/---- --:-- AM

The target was Axway and it was discovered when a proxy was migrated from classic Edge to Apigee X. Not sure if it is due to a standard configuration or special handling. I didn't find anything stating case sensitivity in the Axway docs to validate access token.