From 714217410889d84ad6f6806e4668296981434031 Mon Sep 17 00:00:00 2001
From: Dan Stillman <dstillman@zotero.org>
Date: Mon, 3 Apr 2017 01:20:09 -0400
Subject: [PATCH] Allow lowercase Authorization header

Other headers were accepted as lowercase (including Zotero-API-Key), but
not Authorization

Fixes #27
---
 controllers/ApiController.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/controllers/ApiController.php b/controllers/ApiController.php
index 3eb7c16f..d2e8d014 100644
--- a/controllers/ApiController.php
+++ b/controllers/ApiController.php
@@ -212,10 +212,13 @@ public function init($extra) {
 			// other than Basic/Digest, so use an Apache-specific method to get the header
 			if (!$key && function_exists('apache_request_headers')) {
 				$headers = apache_request_headers();
-				if (isset($headers['Authorization'])) {
+				if (isset($headers['Authorization']) || isset($headers['authorization'])) {
+					$val = isset($headers['Authorization'])
+						? $headers['Authorization']
+						: $headers['authorization'];
 					// Look for "Authorization: Bearer" from OAuth 2.0, and ignore everything else
-					if (preg_match('/^bearer/i', $headers['Authorization'], $matches)) {
-						if (preg_match('/^bearer +([a-z0-9]+)$/i', $headers['Authorization'], $matches)) {
+					if (preg_match('/^bearer/i', $val, $matches)) {
+						if (preg_match('/^bearer +([a-z0-9]+)$/i', $val, $matches)) {
 							$key = $matches[1];
 						}
 						else {