Extractors.FromHeader should be case insensitive

[remie]

HTTP headers are case insensitive (see https://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2).

This was fixed for fromAuthHeaderWithScheme in #118 but is still an issue in fromHeader.
EDIT: on closer inspection, the fix of #118 only makes the scheme case-insensitive. This issue still applies to fromAuthHeaderWithScheme as it assumes the authorization header to be lower case.

[mikenicholson]

As far as I understand it, node's HTTP modules takes care of lowercasing the headers on the incoming request object. See https://nodejs.org/api/http.html#http_message_headers.

Can you provide a code example that illustrates different behavior?

[SchroederSteffen]

ExtractJwt.fromHeader() isn't case-insensitive, because it tries to read the header with the given name without lowercasing it beforehand.
In the headers map, the names are in lowercase and the parameter value header_name therefore also needs to be in lowercase.

A solution would be to call header_name.toLowerCase().

passport-jwt/lib/extract_jwt.js

Line 19 in 96a6e55

if (request.headers[header_name]) {