Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

AWS API Gateway Custom Authorization header case sensitivity

AWS API Gateway provides an option to use custom authorization via Lambda function. In this approach, user is expected to a configure a custom header name (Example: Auuthorization or Auth). This header value be extracted by Gateway and passed on to Lambda Event.

However, Gateway is searching for incoming headers case sensitively. I.e if user specifies the header as authorization instead of Authorization, Gateway returns 401. Why does this search case sensitively when http protocol states that headers can be case insensitive.

like image 425
suman j Avatar asked Aug 02 '16 16:08

suman j


People also ask

Is API gateway case sensitive?

API Gateway enacts the following restrictions and limitations when handling methods with either Lambda integration or HTTP integration. Header names and query parameters are processed in a case-sensitive way.

Are request headers case sensitive?

The default behavior of the HTTP Headers is case insensitive, the headers should be accessible within the flow using any case.

How do I pass headers in API gateway?

To pass custom headers from an API Gateway API to a Lambda function, use a body mapping template. The API sends the updated API request to a Lambda function to process the headers. Then, the Lambda function returns one or more header values from the original API request.


1 Answers

Yep this is a known issue with the customer authorizer, and also the header mapping functionality in API Gateway. Header matches are case sensitive, which as you stated is against the spec. I don't have an ETA for fixing this but it is a known issue that we would like to fix.

Edit: This should now be resolved. The custom authorizer header match is case insensitive.

like image 200
jackko Avatar answered Sep 30 '22 13:09

jackko