0
votes

Response headers set in Azure APIM are turned to lower case instead of preserving the exact header name. Below is the APIM policy to validate the JWT token. When JWT validation fails because of an invalid or expired token, it sets the header WWW-Authenticate.

<policies>
    <inbound>
        <base />
        <validate-jwt header-name="Authorization" failed-validation-httpcode="401" failed-validation-error-message="Unauthorized. Access token is missing or invalid." require-scheme="Bearer" output-token-variable-name="jwt">
            <openid-config url="https://login.microsoftonline.com/my_tenant/v2.0/.well-known/openid-configuration" />
            <audiences>
                <audience>my_audience_string</audience>
            </audiences>
            <issuers>
                <issuer>https://sts.windows.net/my_tenant/</issuer>
            </issuers>
            <required-claims>
                <claim name="roles" match="any">
                    <value>clients.manage</value>
                    <value>clients.delete</value>
                    <value>clients.read</value>
                </claim>
            </required-claims>
        </validate-jwt>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
        <set-header name="content-type" exists-action="override">
            <value>application/json</value>
        </set-header>
    </outbound>
    <on-error>
        <base />
        <choose>
            <when condition="@(context.Response.StatusCode == 401)">
                <!-- realm is a quoted-string (RFC 7235 / RFC 6750), so the quotes are part of the value -->
                <set-header name="WWW-Authenticate" exists-action="override">
                    <value>@("Bearer realm=\"" + context.Request.OriginalUrl.Host + "\"")</value>
                </set-header>
            </when>
        </choose>
    </on-error>
</policies>

Expecting response header WWW-Authenticate, but actually getting www-authenticate (all in lower case).


Is this expected?
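Header field names are case-insensitive on the wire (RFC 7230 section 3.2), so a client that looks for the exact spelling WWW-Authenticate is the thing to fix, not the gateway. The following is an added example (not code from the question or from Azure APIM) that parses a constructed 401 response of the shape described above, looks the header up regardless of case, and decodes the Bearer challenge parameters; the host name and error values in the sample are invented.

```python
import re
from typing import Dict, Optional

# Constructed sample response, modelled on what the question reports:
# the gateway emits the header name in lower case. Host and error text are invented.
SAMPLE_401 = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "content-type: application/json\r\n"
    'www-authenticate: Bearer realm="api.example.invalid", '
    'error="invalid_token", error_description="The token expired"\r\n'
    "content-length: 0\r\n"
    "\r\n"
)


def parse_headers(raw: str) -> Dict[str, str]:
    """Build a header map keyed by lower-cased field name.

    RFC 7230 makes field names case-insensitive, so normalising the key
    is the correct lookup strategy; repeated fields are joined with ", ".
    """
    head, _, _body = raw.partition("\r\n\r\n")
    header_lines = head.split("\r\n")[1:]  # drop the status line
    headers: Dict[str, str] = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        key = name.strip().lower()
        value = value.strip()
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return headers


def get_header(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive lookup: WWW-Authenticate and www-authenticate are the same field."""
    return headers.get(name.lower())


# One auth-param: token "=" ( quoted-string | token ), followed by "," or end of input.
_PARAM_RE = re.compile(
    r'\s*([A-Za-z0-9_-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))\s*(?:,|$)'
)


def parse_bearer_challenge(value: str) -> Optional[Dict[str, str]]:
    """Decode a Bearer challenge (RFC 6750 section 3) into its parameters.

    Returns None for a non-Bearer scheme or malformed parameter list.
    Accepts both the quoted-string realm the RFC requires and a bare token,
    so a client stays tolerant of a gateway that emits realm=host unquoted.
    """
    scheme, _, params = value.strip().partition(" ")
    if scheme.lower() != "bearer":
        return None
    out: Dict[str, str] = {}
    pos = 0
    while pos < len(params):
        m = _PARAM_RE.match(params, pos)
        if not m:
            return None
        name = m.group(1).lower()
        if m.group(2) is not None:
            out[name] = re.sub(r"\\(.)", r"\1", m.group(2))  # unescape quoted-pair
        else:
            out[name] = m.group(3)
        pos = m.end()
    return out


def build_bearer_challenge(realm: str, error: Optional[str] = None) -> str:
    """Produce the header value a policy should emit: realm is always a quoted-string."""
    escaped = realm.replace("\\", "\\\\").replace('"', '\\"')
    value = f'Bearer realm="{escaped}"'
    if error:
        value += f', error="{error}"'
    return value


if __name__ == "__main__":
    hdrs = parse_headers(SAMPLE_401)
    print(get_header(hdrs, "WWW-Authenticate"))
    print(parse_bearer_challenge(get_header(hdrs, "WWW-Authenticate")))
    print(build_bearer_challenge("api.example.invalid", "invalid_token"))
```

Any real HTTP library already does the lower-casing for you; the point of the hand-rolled parser is to make visible that nothing is lost when the gateway changes the case of the field name, and that the interesting validation work is on the challenge value, not the name.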


1 Answers

0
votes

Thank you Chandra Mohan. Posting your suggestion as an answer to help other community members.

If you add context.Request.Body.As<JObject>, then you can ignore the case.

<choose>
    <when condition="@((context.Request.Body != null) && context.Request.Body.As<JObject>(preserveContent: true).GetValue("channelId", StringComparison.OrdinalIgnoreCase)?.Value<string>() != null)">
        <set-header name="channelId" exists-action="override">
            <value>@(context.Request.Body.As<JObject>(preserveContent: true).GetValue("channelId", StringComparison.OrdinalIgnoreCase)?.Value<string>())</value>
        </set-header>
    </when>
</choose>

You can also use check-header in a policy statement:

<check-header name="header name" failed-check-httpcode="code" failed-check-error-message="message" ignore-case="true">
    <value>Value1</value>
    <value>Value2</value>
</check-header>

You can refer to Azure APIM inbound policy ignore case for the property name and Check HTTP header.
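The policy expression above reads a JSON body property while ignoring the case of its name. Below is an added example, not code from the answer or from the Newtonsoft library, that mirrors the lookup in Python so the behaviour can be checked offline: an exact-case match wins, otherwise the first case-insensitive match is returned, the null-body guard from the policy is kept, and bodies that carry several case variants of the same name are flagged so a caller can decide whether that is acceptable. The helper names and the sample bodies are constructed for the example.

```python
import json
from typing import Any, List, Optional


def get_value_ignore_case(obj: dict, name: str) -> Optional[Any]:
    """Mirror JObject.GetValue(name, StringComparison.OrdinalIgnoreCase).

    An exact match is preferred; otherwise the first property whose name
    matches ignoring case is returned. None means "no such property".
    """
    if name in obj:
        return obj[name]
    lowered = name.lower()
    for key, value in obj.items():
        if key.lower() == lowered:
            return value
    return None


def case_variants(obj: dict, name: str) -> List[str]:
    """All property names in obj that equal name ignoring case (in document order)."""
    lowered = name.lower()
    return [key for key in obj if key.lower() == lowered]


def channel_id_from_body(raw_body: Optional[bytes], name: str = "channelId") -> Optional[str]:
    """Equivalent of the policy's condition: body present, parses as an object,
    and the property exists under any casing with a string value."""
    if not raw_body:
        return None  # matches the (context.Request.Body != null) guard
    try:
        body = json.loads(raw_body)
    except ValueError:
        return None  # As<JObject> would throw on a non-JSON body
    if not isinstance(body, dict):
        return None  # a JSON array or scalar is not a JObject
    value = get_value_ignore_case(body, name)
    return value if isinstance(value, str) else None


if __name__ == "__main__":
    # Constructed sample bodies
    print(channel_id_from_body(b'{"CHANNELID": "web"}'))
    print(channel_id_from_body(b'{"channelid": "a", "ChannelId": "b"}'))
    print(case_variants(json.loads('{"channelid": "a", "ChannelId": "b"}'), "channelId"))
```

The ambiguity check is the part worth carrying over to the gateway: when two case variants of the property are present, the policy silently picks one, so a body that is meant to be validated against a header should not be allowed to contain both.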