Revert to Rack compliant behaviour

DataDog · Jul 23, 2024 · 2701a76 · 2701a76
1 parent fa699c8
commit 2701a76
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 12 deletions.
diff --git a/lib/datadog/appsec/contrib/rack/gateway/request.rb b/lib/datadog/appsec/contrib/rack/gateway/request.rb
@@ -41,14 +41,7 @@ def method
 
             def headers
               result = request.env.each_with_object({}) do |(k, v), h|
-                # When multiple headers with the same name are present, they are concatenated with a comma
-                # https://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2
-                # Because headers are case insensitive, HTTP_FOO and HTTP_Foo is the same, and should be merged
-                next unless k.start_with?('HTTP_')
-
-                key = k.delete_prefix('HTTP_').tap(&:downcase!).tap { |s| s.tr!('_', '-') }
-                current_val = h[key]
-                h[key] = current_val.nil? ? v : "#{current_val}, #{v}"
+                h[k.delete_prefix('HTTP_').tap(&:downcase!).tap { |s| s.tr!('_', '-') }] = v if k.start_with?('HTTP_')
               end
 
               result['content-type'] = request.content_type if request.content_type

diff --git a/spec/datadog/appsec/contrib/rack/gateway/request_spec.rb b/spec/datadog/appsec/contrib/rack/gateway/request_spec.rb
@@ -43,8 +43,7 @@
               'REQUEST_METHOD' => 'GET', 'REMOTE_ADDR' => '10.10.10.10', 'CONTENT_TYPE' => 'text/html',
               'HTTP_COOKIE' => 'foo=bar', 'HTTP_USER_AGENT' => 'WebKit',
               'HTTP_' => 'empty header', 'HTTP_123' => 'numbered header',
-              'HTTP_123_FOO' => 'alphanumerical header', 'HTTP_FOO_123' => 'reverse alphanumerical header',
-              'HTTP_foo' => 'lowercase header', 'HTTP_Foo' => 'mixed case header'
+              'HTTP_123_FOO' => 'alphanumerical header', 'HTTP_FOO_123' => 'reverse alphanumerical header'
             }
           )
         )
@@ -59,8 +58,7 @@
           '' => 'empty header',
           '123' => 'numbered header',
           '123-foo' => 'alphanumerical header',
-          'foo-123' => 'reverse alphanumerical header',
-          'foo' => 'lowercase header, mixed case header'
+          'foo-123' => 'reverse alphanumerical header'
         }
         expect(request.headers).to eq(expected_headers)
       end