hsts: accept the Strict-Transport-Security header regardless of casing

For some reason a strcmp() was used where a case-insensitive search should
be used. This was further hidden by the fact that SoupMessageHeaders interns
the name of headers, so the first time a header is seen by the library will
be the casing that is used, rendering the case-insensitivity test useless.

Fix the string comparison and move the test for sensitivity to the top so that
it runs first and the interned STS header name is the allcaps one that will
allow the test to work.

1 files changed, 4 insertions, 1 deletions

diff --git a/tests/hsts-test.c b/tests/hsts-test.c
index 0f916e4b..6e383c08 100644
--- a/tests/hsts-test.c
+++ b/tests/hsts-test.c
@@ -480,6 +480,10 @@ main (int argc, char **argv)
 		https_uri = soup_test_server_get_uri (https_server, "https", NULL);
 	}
 
+	/* The case sensitivity test is run first because soup_message_headers_append()
+	   interns the header name and further uses of the name use the interned version.
+	   if we ran this test later, then the casing that this tests uses wouldn't be used. */
+	g_test_add_func ("/hsts/case-insensitive-header", do_hsts_case_insensitive_header_test);
 	g_test_add_func ("/hsts/basic", do_hsts_basic_test);
 	g_test_add_func ("/hsts/expire", do_hsts_expire_test);
 	g_test_add_func ("/hsts/delete", do_hsts_delete_test);
@@ -496,7 +500,6 @@ main (int argc, char **argv)
 	g_test_add_func ("/hsts/invalid-values", do_hsts_invalid_values_test);
 	g_test_add_func ("/hsts/extra-values", do_hsts_extra_values_test);
 	g_test_add_func ("/hsts/duplicated-directives", do_hsts_duplicated_directives_test);
-	g_test_add_func ("/hsts/case-insensitive-header", do_hsts_case_insensitive_header_test);
 	g_test_add_func ("/hsts/case-insensitive-directives", do_hsts_case_insensitive_directives_test);
 	g_test_add_func ("/hsts/optional-quotations", do_hsts_optional_quotations_test);
 	g_test_add_func ("/hsts/ip-address", do_hsts_ip_address_test);