Duplicating Content-Type header when header key comes in lowercase
Closed this issue · 3 comments
When using Rack middlewares, if our response already has a header like content-type
, when calling the response.finish
method, we got an additional Content-Type
with text/html
value.
This is because the h[k] || = v
is not detecting that the content-type
and Content-Type
are the same headers so is adding both to the array.
After that, when rack builds the response, our content-type
with the valid value is being removed because the rack implementation is comparing both headers using downcase
.
Check https://github.com/rack/rack/blob/2-2-stable/lib/rack/utils.rb#L476-L477
Note that Roda never uses any existing response headers, since it creates a new response for every request. So what I'm guessing is happening is your middleware is setting content-type
in the response even if Content-Type
is already set by Roda (as opposed to to Roda setting Content-Type
when content-type
is already set).
On Rack 2, Roda uses a plain hash for headers, so headers are case sensitive. On Rack 3, Roda uses Rack::Headers (a hash subclass which will automatically downcase header keys). For backwards compatibility, Roda uses mixed-case header keys. So this behavior is currently expected on Rack 2 if your middleware is not handling response header keys in a case-insensitive manner (such middleware is considered broken on Rack 2).
One solution is to fix your middleware to operate properly on Rack 2 by treating response header keys in a case insensitive manner (usually done with Rack::Utils::HeaderHash
in Rack 2). Another solution would be to switch to Rack 3. Alternatively, you could do the following in your Roda app:
opts[:default_headers] = {}
plugin :default_headers, 'content-type'=>'text/html'
which will change Roda to use content-type
instead of Content-Type
In an upcoming release, I plan to add a plugin that will make Roda use downcased header keys by default, which will become the default behavior in Roda 4.
This behavior surprised me as well. Does this really relate to middleware?
In the following, I'm using puma-6.2.2, rack-2.2.6.3, and roda-3.71.0.
--- config.ru ---
require 'roda'
class App < Roda
route do |r|
r.get do
response['content-type'] = 'text/plain'
'hi'
end
end
end
run App
--- config.ru ---
$ rackup
$ curl -D - http://localhost:9292/
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 2
hi
Also surprising is that if one sets response['Content-Type'] first, then the lowercase version works:
--- config.ru ---
require 'roda'
class App < Roda
route do |r|
r.get do
response['Content-Type'] = 'text/html' # a strange band-aid
response['content-type'] = 'text/plain'
'hi'
end
end
end
run App
--- config.ru ---
$ curl -D - http://localhost:9292/
HTTP/1.1 200 OK
content-type: text/plain
Content-Length: 2
hi
As stated above, Roda uses and expects mixed case response headers if using Rack < 3. So you shouldn't use lower case response headers in your Roda app unless you have already upgraded to Rack 3. If you are using Rack 3, either case will work, since headers will be implicitly lowercased.