Fix case-insensitive header overrides#3486
Open
fallintoplace wants to merge 1 commit into
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Changes being requested
HTTP header names are case-insensitive, but the SDK currently merges them with a normal dictionary. A lowercase per-request
authorizationoverride therefore does not replace the generatedAuthorizationheader; both values are sent. A lowercaseauthorization: Omit()also fails to remove the generated credential.This change adds a header-specific case-insensitive merge helper and uses it for HTTP requests and realtime/response websocket connections. Later header mappings keep taking precedence, and
Omit()removes matching headers regardless of casing. The generic mapping helper remains unchanged so query and JSON keys stay case-sensitive.Regression coverage verifies lowercase authorization replacement and removal for sync and async clients, including an assertion that only one authorization value remains.
Additional context & links
Validated with 177 client tests, 59 Azure tests, focused Bedrock auth/header tests, Ruff, Pyright, and mypy.