From 352a54a7bf3ece31d4927ee807599471c94abcc2 Mon Sep 17 00:00:00 2001
From: Xuelei Li <115022112+lix-mms@users.noreply.github.com>
Date: Mon, 31 Jul 2023 06:28:02 +0200
Subject: [PATCH] fix(auth): ignore case when comparing http headers (#8356)
---
 datahub-frontend/app/controllers/Application.java | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/datahub-frontend/app/controllers/Application.java b/datahub-frontend/app/controllers/Application.java
index d31cb13fa7b41..5c76f2572a936 100644
--- a/datahub-frontend/app/controllers/Application.java
+++ b/datahub-frontend/app/controllers/Application.java
@@ -136,11 +136,11 @@ public CompletableFuture proxy(String path, Http.Request request) throws
 .stream()
 // Remove X-DataHub-Actor to prevent malicious delegation.
 .filter(entry -> !AuthenticationConstants.LEGACY_X_DATAHUB_ACTOR_HEADER.equalsIgnoreCase(entry.getKey()))
- .filter(entry -> !Http.HeaderNames.CONTENT_LENGTH.equals(entry.getKey()))
- .filter(entry -> !Http.HeaderNames.CONTENT_TYPE.equals(entry.getKey()))
- .filter(entry -> !Http.HeaderNames.AUTHORIZATION.equals(entry.getKey()))
+ .filter(entry -> !Http.HeaderNames.CONTENT_LENGTH.equalsIgnoreCase(entry.getKey()))
+ .filter(entry -> !Http.HeaderNames.CONTENT_TYPE.equalsIgnoreCase(entry.getKey()))
+ .filter(entry -> !Http.HeaderNames.AUTHORIZATION.equalsIgnoreCase(entry.getKey()))
 // Remove Host s.th. service meshes do not route to wrong host
- .filter(entry -> !Http.HeaderNames.HOST.equals(entry.getKey()))
+ .filter(entry -> !Http.HeaderNames.HOST.equalsIgnoreCase(entry.getKey()))
 .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue))
 )
 .addHeader(Http.HeaderNames.AUTHORIZATION, authorizationHeaderValue)
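Review bot: The strip list in the request-header chain is still five separate hand-written lambdas (plus two more in the response chain of the second hunk), so the next header added here can silently reintroduce a case-sensitive `equals` and let a client-supplied `authorization` variant travel alongside the one set by `.addHeader(Http.HeaderNames.AUTHORIZATION, authorizationHeaderValue)`. Consider holding the names in one case-insensitive set, e.g. `new TreeSet<>(String.CASE_INSENSITIVE_ORDER)`, and using a single `.filter(entry -> !STRIPPED_REQUEST_HEADERS.contains(entry.getKey()))`. The diffstat lists only Application.java, so no regression test accompanies this auth fix; a test that passes lower-case and mixed-case `authorization` and `host` headers through proxy() and asserts they are not forwarded would pin the behaviour. proxy()'s body starts and ends outside the hunk.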
@@ -152,8 +152,8 @@ public CompletableFuture proxy(String path, Http.Request request) throws
 final ResponseHeader header = new ResponseHeader(apiResponse.getStatus(), apiResponse.getHeaders()
 .entrySet()
 .stream()
- .filter(entry -> !Http.HeaderNames.CONTENT_LENGTH.equals(entry.getKey()))
- .filter(entry -> !Http.HeaderNames.CONTENT_TYPE.equals(entry.getKey()))
+ .filter(entry -> !Http.HeaderNames.CONTENT_LENGTH.equalsIgnoreCase(entry.getKey()))
+ .filter(entry -> !Http.HeaderNames.CONTENT_TYPE.equalsIgnoreCase(entry.getKey()))
 .map(entry -> Pair.of(entry.getKey(), String.join(";", entry.getValue())))
 .collect(Collectors.toMap(Pair::getFirst, Pair::getSecond)));
 final HttpEntity body = new HttpEntity.Strict(apiResponse.getBodyAsBytes(), Optional.ofNullable(apiResponse.getContentType()));
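Review bot: `String.join(";", entry.getValue())` in the unchanged `.map` line folds a multi-valued response header into one value using `;`, which is not the list separator for most headers (that is `,`) and cannot represent repeated `Set-Cookie` headers at all, since a second cookie would be read as attributes of the first. Whether the backend ever returns multi-valued headers is not visible here, but if it can, joining with `", "` and handling `Set-Cookie` separately would be safer than the current merge. A short comment on that line stating which headers are expected to be multi-valued would also help the next reader. The statement sits inside proxy(), which starts and ends outside the hunk.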