From b6c67cf6057f85bb5afb42820820a173c84d5f93 Mon Sep 17 00:00:00 2001
From: Lance Ball <lball@redhat.com>
Date: Fri, 3 Jul 2020 10:05:40 -0400
Subject: [PATCH 1/2] fix: ensure that the HTTP receiver sanitizes headers in
 accept()

Even though the underlying structured and binary receivers already sanitize
the headers, this needs to be done at the receiver.accept() level since
the headers are inspected there to determine what mode the event is being
sent as.

Signed-off-by: Lance Ball <lball@redhat.com>
---
 src/transport/receiver.ts  | 13 +++++++------
 test/http_receiver_test.ts | 29 +++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+), 6 deletions(-)

diff --git a/src/transport/receiver.ts b/src/transport/receiver.ts
index 15c18677..b8ed8c42 100644
--- a/src/transport/receiver.ts
+++ b/src/transport/receiver.ts
@@ -1,4 +1,4 @@
-import { Headers } from "./http/headers";
+import { Headers, sanitize } from "./http/headers";
 import { CloudEvent, Version, ValidationError } from "..";
 import { BinaryHTTPReceiver as BinaryReceiver } from "./http/binary_receiver";
 import { StructuredHTTPReceiver as StructuredReceiver } from "./http/structured_receiver";
@@ -60,16 +60,17 @@ export class Receiver {
    * @return {CloudEvent} A new {CloudEvent} instance
    */
   accept(headers: Headers, body: string | Record<string, unknown> | CloudEventV1 | CloudEventV03): CloudEvent {
-    const mode: Mode = getMode(headers);
-    const version = getVersion(mode, headers, body);
+    const cleanHeaders: Headers = sanitize(headers);
+    const mode: Mode = getMode(cleanHeaders);
+    const version = getVersion(mode, cleanHeaders, body);
     switch (version) {
       case Version.V1:
-        return this.receivers.v1[mode].parse(body, headers);
+        return this.receivers.v1[mode].parse(body, cleanHeaders);
       case Version.V03:
-        return this.receivers.v03[mode].parse(body, headers);
+        return this.receivers.v03[mode].parse(body, cleanHeaders);
       default:
         console.error(`Unknown spec version ${version}. Default to ${Version.V1}`);
-        return this.receivers.v1[mode].parse(body, headers);
+        return this.receivers.v1[mode].parse(body, cleanHeaders);
     }
   }
 }
diff --git a/test/http_receiver_test.ts b/test/http_receiver_test.ts
index 1c21c39e..b21a0492 100644
--- a/test/http_receiver_test.ts
+++ b/test/http_receiver_test.ts
@@ -52,6 +52,35 @@ describe("HTTP Transport Binding Receiver for CloudEvents", () => {
       expect(typeof event.data).to.equal("object");
       expect((event.data as Record<string, string>).lunch).to.equal("sushi");
     });
+
+    it("Recognizes headers in title case for binary events", () => {
+      const binaryHeaders = {
+        "Content-Type": "application/json; charset=utf-8",
+        "ce-specversion": specversion,
+        "ce-id": id,
+        "ce-type": type,
+        "ce-source": source,
+      };
+
+      const event: CloudEvent = receiver.accept(binaryHeaders, data);
+      expect(event.validate()).to.be.true;
+      expect((event.data as Record<string, string>).lunch).to.equal("sushi");
+    });
+
+    it("Recognizes headers in title case for structured events", () => {
+      const structuredHeaders = { "Content-Type": "application/cloudevents+json" };
+      const payload = {
+        id,
+        type,
+        source,
+        data,
+        specversion,
+      };
+
+      const event: CloudEvent = receiver.accept(structuredHeaders, payload);
+      expect(event.validate()).to.be.true;
+      expect((event.data as Record<string, string>).lunch).to.equal("sushi");
+    });
   });
 
   describe("V1", () => {

From 3d16138e6d564b73c87c67caa2c87c54ec49d9f3 Mon Sep 17 00:00:00 2001
From: Lance Ball <lball@redhat.com>
Date: Fri, 3 Jul 2020 11:01:44 -0400
Subject: [PATCH 2/2] fixup: pass original unsanitized headers to underlying
 parsers

Signed-off-by: Lance Ball <lball@redhat.com>
---
 src/transport/receiver.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/transport/receiver.ts b/src/transport/receiver.ts
index b8ed8c42..48fcd1df 100644
--- a/src/transport/receiver.ts
+++ b/src/transport/receiver.ts
@@ -65,12 +65,12 @@ export class Receiver {
     const version = getVersion(mode, cleanHeaders, body);
     switch (version) {
       case Version.V1:
-        return this.receivers.v1[mode].parse(body, cleanHeaders);
+        return this.receivers.v1[mode].parse(body, headers);
       case Version.V03:
-        return this.receivers.v03[mode].parse(body, cleanHeaders);
+        return this.receivers.v03[mode].parse(body, headers);
       default:
         console.error(`Unknown spec version ${version}. Default to ${Version.V1}`);
-        return this.receivers.v1[mode].parse(body, cleanHeaders);
+        return this.receivers.v1[mode].parse(body, headers);
     }
   }
 }