Closed Bug 1469788 Opened 7 years ago Closed 7 years ago

Response header keys are shown as lower case in Network tab

Categories

(DevTools :: Netmonitor, defect)

Product:
DevTools
Component:
Netmonitor
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: nachtigall, Unassigned)

Details

Attachments

(2 files)

index.html
195 bytes, text/html
Details
http-headers.png
77.72 KB, image/png
Details
STR: Open Network tab and load https://www.mozilla.org/de/ AR: All Response keys are lower-cased: https://i.imgur.com/S9HGTb9.png This is especially irritating if you have some custom `X-*` keys and when these are suddenly turn lower case and you're debugging something else (as you do when using DevTools), and then this lower case irritates you as it has nothing to do with the original problem. FWIW, request headers are fine. Happens in Firefox Nightly 62 and Firefox Release 60. ER: The Response headers should looke like they come through the wire. See wget output: ``` $ Downloads/wget.exe --delete-after -S https://www.mozilla.org/de/ --2018-06-20 11:03:54-- https://www.mozilla.org/de/ Resolving www.mozilla.org (www.mozilla.org)... 104.16.40.2, 104.16.41.2 Connecting to www.mozilla.org (www.mozilla.org)|104.16.40.2|:443... connected. HTTP request sent, awaiting response... HTTP/1.1 200 OK Date: Wed, 20 Jun 2018 09:03:54 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: keep-alive Cache-Control: max-age=600 Content-Security-Policy: script-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com tagmanager.google.com www.youtube.com s.ytimg.com; img-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com data: mozilla.org www.googletagmanager.com www.google-analytics.com creativecommons.org; default-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com; frame-src www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com; style-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' fast.fonts.net; connect-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com; child-src www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com ETag: "eef2c3bf50f61ae1eb096b9b895bbb7d" Expires: Fri, 08 Jun 2018 18:08:54 GMT strict-transport-security: max-age=31536000 X-Backend-Server: bedrock-prod-web-798fc76647-kxs92.bedrock-prod.frankfurt.moz.works X-Clacks-Overhead: GNU Terry Pratchett x-content-type-options: nosniff X-Frame-Options: DENY X-Robots-Tag: noodp x-xss-protection: 1; mode=block CF-Cache-Status: HIT Vary: Accept-Encoding Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" Server: cloudflare CF-RAY: 42dd109d0af82726-FRA Length: unspecified [text/html] Saving to: 'index.html.tmp' ``` FWIW, curl also shows all headers lower-case, so maybe it only happens in a library: ``` $ curl -v -o /dev/nulll 'https://www.mozilla.org/de/' % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 104.16.41.2... * TCP_NODELAY set * Connected to www.mozilla.org (104.16.41.2) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt CApath: none * TLSv1.2 (OUT), TLS header, Certificate Status (22): } [5 bytes data] * TLSv1.2 (OUT), TLS handshake, Client hello (1): } [512 bytes data] * TLSv1.2 (IN), TLS handshake, Server hello (2): { [96 bytes data] * TLSv1.2 (IN), TLS handshake, Certificate (11): { [3268 bytes data] * TLSv1.2 (IN), TLS handshake, Server key exchange (12): { [333 bytes data] * TLSv1.2 (IN), TLS handshake, Server finished (14): { [4 bytes data] * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): } [70 bytes data] * TLSv1.2 (OUT), TLS change cipher, Client hello (1): } [1 bytes data] * TLSv1.2 (OUT), TLS handshake, Finished (20): } [16 bytes data] * TLSv1.2 (IN), TLS change cipher, Client hello (1): { [1 bytes data] * TLSv1.2 (IN), TLS handshake, Finished (20): { [16 bytes data] * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 * ALPN, server accepted to use h2 * Server certificate: * subject: businessCategory=Private Organization; jurisdictionC=US; jurisdictionST=California; serialNumber=C2759208; street=650 Castro St Ste 300; postalCode=94041; C=US; ST=California; L=Mountain View; O=Mozilla Corporation; CN=mozilla.org * start date: Nov 9 00:00:00 2016 GMT * expire date: Nov 14 12:00:00 2018 GMT * subjectAltName: host "www.mozilla.org" matched cert's "www.mozilla.org" * issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 Extended Validation Server CA * SSL certificate verify ok. * Using HTTP2, server supports multi-use * Connection state changed (HTTP/2 confirmed) * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 } [5 bytes data] * Using Stream ID: 1 (easy handle 0x66f160) } [5 bytes data] > GET /de/ HTTP/2 > Host: www.mozilla.org > User-Agent: curl/7.60.0 > Accept: */* > { [5 bytes data] * Connection state changed (MAX_CONCURRENT_STREAMS == 256)! } [5 bytes data] < HTTP/2 200 < date: Wed, 20 Jun 2018 09:05:51 GMT < content-type: text/html; charset=utf-8 < cache-control: max-age=600 < content-security-policy: script-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com www.google-analytics.com tagmanager.google.com www.youtube.com s.ytimg.com; img-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com data: mozilla.org www.googletagmanager.com www.google-analytics.com creativecommons.org; default-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com; frame-src www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com; style-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com 'unsafe-inline' fast.fonts.net; connect-src 'self' *.mozilla.net *.mozilla.org *.mozilla.com www.googletagmanager.com www.google-analytics.com; child-src www.googletagmanager.com www.google-analytics.com www.youtube-nocookie.com trackertest.org www.surveygizmo.com accounts.firefox.com accounts.firefox.com.cn www.youtube.com < etag: "eef2c3bf50f61ae1eb096b9b895bbb7d" < expires: Fri, 08 Jun 2018 18:08:54 GMT < strict-transport-security: max-age=31536000 < x-backend-server: bedrock-prod-web-798fc76647-kxs92.bedrock-prod.frankfurt.moz.works < x-clacks-overhead: GNU Terry Pratchett < x-content-type-options: nosniff < x-frame-options: DENY < x-robots-tag: noodp < x-xss-protection: 1; mode=block < cf-cache-status: HIT < expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct" < server: cloudflare < cf-ray: 42dd13797abc63c7-FRA < { [207 bytes data] 100 86068 0 86068 0 0 256k 0 --:--:-- --:--:-- --:--:-- 256k * Connection #0 to host www.mozilla.org left intact ``` Anyway, the Response and Request headers are also incorrect in Chrome Network tab (all lower-case), so maybe, really a lib error. I came across this bug while setting response headers myself using apache, and these were X-Camel-Case, so I know that they are definitely shown wrongly in Firefox. Only wget gets it right.
Attached file index.html
I can't reproduce the issue on my machine (Win10, Firefox Nightly). See the attached file that contains simple PHP script setting one custom header with random chars capitalized: <?php header('My-CuSTOM-headeR: My VALUe'); ?> The Headers side panel shows the (response) header name/value correctly for me. See also the attached screenshot... Honza
Flags: needinfo?(nachtigall)
I investigated a bit and looks like the Server (apache or nginx) lower-cases the header if the request is made using HTTP2 (like Firefox) and not HTTP1.1 (like wget) -- or at least something like this... Not sure... Could be anything, so I am closing since it's too vague.
Status: NEW → RESOLVED
Closed: 7 years ago
Flags: needinfo?(nachtigall)
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: