Skip to content

Remove non-lowercase headers in Rails default configuration (fixes #541)#551

Merged
rei-moo merged 1 commit intogithub:feature-7.2from
Tapjoy:fix/lowercase-headers
Dec 15, 2025
Merged

Remove non-lowercase headers in Rails default configuration (fixes #541)#551
rei-moo merged 1 commit intogithub:feature-7.2from
Tapjoy:fix/lowercase-headers

Conversation

@obrie
Copy link

@obrie obrie commented Mar 20, 2025

This implements the solution proposed in #541

The full details of the issue can are described in that ticket. To summarize:

While secure_headers now uses lowercase headers (as required by Rack 3+), the Rails default configuration still defines non-lowercase headers. As a result, our Railtie will not remove those conflicting headers.

This change ensures that we're accounting for both lowercase and non-lowercase default headers in Rails (for current Rails defaults and future defaults).

All PRs:

  • Has tests
  • Documentation updated

Adding a new header

Generally, adding a new header is always OK.

  • Is the header supported by any user agent? If so, which?
  • What does it do?
  • What are the valid values for the header?
  • Where does the specification live?

Adding a new CSP directive

  • Is the directive supported by any user agent? If so, which?
  • What does it do?
  • What are the valid values for the directive?

@obrie
Remove non-lowercase headers in Rails default configuration (fixes gi…
7237dc2 
…thub#541)

While this gem now uses lowercase headers, the Rails default configuration still
defines non-lowercase headers.  As a result, our Railtie will not remove those
conflicting headers.

This change ensures that we're accounting for both lowercase and non-lowercase
default headers in Rails.
@obrie
Copy link
Author

obrie commented Apr 30, 2025

Any chance we can get a maintainer to review this?

@rei-moo rei-moo requested a review from a team December 12, 2025 21:05
@rei-moo
Copy link
Contributor

rei-moo commented Dec 12, 2025

Hey @obrie thanks for the contribution! Sorry for the delay. This is on our radar and we will be taking a look shortly. 😄

@rei-moo rei-moo changed the base branch from main to feature-7.2 December 15, 2025 16:59
rei-moo
rei-moo approved these changes Dec 15, 2025
View reviewed changes
Copy link
Contributor

@rei-moo rei-moo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, thank you! 🎉

@rei-moo rei-moo merged commit a912a94 into github:feature-7.2 Dec 15, 2025
@fletchto99 fletchto99 mentioned this pull request Dec 16, 2025
Open
fletchto99 added a commit that referenced this pull request Jan 15, 2026
@fletchto99
Add tests for changes in #551
0be5181
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rei-moo rei-moo rei-moo approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@obrie @rei-moo