From 8960be9950d0bb0115c1dc2d1d06d30c9aa39cf9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pierre=20B=C3=A9rub=C3=A9?= <pierre@lgse.com>
Date: Sat, 8 May 2021 12:20:17 -0600
Subject: [PATCH] ensure authorization header parsing is case insensitive

---
 src/Headers.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/Headers.php b/src/Headers.php
index d90f893..afde205 100644
--- a/src/Headers.php
+++ b/src/Headers.php
@@ -179,7 +179,15 @@ protected function normalizeHeaderName(string $name, bool $preserveCase = false)
      */
     protected function parseAuthorizationHeader(array $headers): array
     {
-        if (!isset($headers['Authorization'])) {
+        $hasAuthorizationHeader = false;
+        foreach ($headers as $name => $value) {
+            if (strtolower($name) === 'authorization') {
+                $hasAuthorizationHeader = true;
+                break;
+            }
+        }
+
+        if (!$hasAuthorizationHeader) {
             if (isset($this->globals['REDIRECT_HTTP_AUTHORIZATION'])) {
                 $headers['Authorization'] = $this->globals['REDIRECT_HTTP_AUTHORIZATION'];
             } elseif (isset($this->globals['PHP_AUTH_USER'])) {