nic-6443 opened a new pull request, #13517: URL: https://github.com/apache/apisix/pull/13517
### Description When `core.request.set_header(ctx, name, value)` is called with a header name whose case differs from the cached key, the stale entry stays in the cached headers table alongside the new one. For example, after an ext-plugin rewrites the `Authorization` header in the request phase, `ext-plugin-post-resp` passes `core.request.headers(ctx)` to lua-resty-http, which iterates the table with `pairs()` and sends **both** the old and the new value upstream — and the upstream typically picks the old one (first header wins). The cached table returned by `ngx.req.get_headers()` stores keys in lower case and only has an `__index` metamethod that normalizes lookups; there is no `__newindex`. So the partial cache update in `modify_header` (`ctx.headers[header_name] = header_value`) rawsets a new mixed-case key (e.g. `Authorization`) while the stale lower-case entry (`authorization`) keeps its old value. The bug affects any consumer that iterates the cached table; lookups via `core.request.header()` happen to return the new value because the rawget hits the mixed-case key first. The fix normalizes the cache key to lower case before updating, matching how `ngx.req.get_headers()` stores keys, in both the `set_header` and `add_header` branches. Note that the `'_' → '-'` mapping in the metamethod's `__index` applies only to lookups, not to storage (a fresh `get_headers()` returns `lowcase_key` as-is), so lower-casing alone mirrors a refetch exactly. #### Which issue(s) this PR fixes: Fixes #13015 ### Checklist - [x] I have explained the need for this PR and the problem it solves - [x] I have explained the changes or the new features added to this PR - [x] I have added tests corresponding to this change - [ ] I have updated the documentation to reflect this change - [x] I have verified that this change is backward compatible (If not, please discuss on the [APISIX mailing list](https://github.com/apache/apisix/tree/master#community) first) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
