Normalise response headers to lowercase; fix Set-Cookie for Rack 3

Two related problems prevented cookies from being sent correctly under
Rack 3 with WEBrick 1.9:

1. Header key casing: Rackup's WEBrick handler looks up the cookie header
   with headers.delete('set-cookie') (lowercase). The previous code
   produced Title-Case keys via HeaderHash#flattened, so the lookup never
   matched and cookies were left in the general headers loop where they
   were passed to res[key] = value instead of res.cookies.

2. Embedded newlines in the value: multiple cookies were joined with "\n"
   into a single string. WEBrick 1.9 validates every header and cookie
   value through check_header, raising WEBrick::HTTPResponse::InvalidHeader
   for any value that contains \r or \n, which caused a 500 response.

Introduce build_rack_response_headers which:
- Lowercases all header names (required by Rack 3; harmless for Rack 2
  because all Rack 2 handlers match header names case-insensitively).
- Under Rack 3 emits set-cookie as an Array so Rackup can call
  res.cookies.concat(Array(value)), emitting one Set-Cookie line per cookie
  with no embedded newlines.
- Under Rack 2 emits set-cookie as a newline-joined String, matching the
  expectation of Rack::Handler::WEBrick which calls vs.split("\n") before
  adding cookies (passing an Array would raise NoMethodError on Array#split).

Because all header keys are now lowercase, update LOWERCASE_CONTENT_TYPE
in RackResponse and adjust the two RackResponse unit specs accordingly.

Author: orien

lib/webmachine/adapters/rack.rb

@@ -75,7 +75,7 @@ def call(env)
         response.headers[SERVER] = VERSION_STRING
 
         rack_status = response.code
-        rack_headers = response.headers.flattened(NEWLINE)
+        rack_headers = build_rack_response_headers(response.headers)
         rack_body = case response.body
         when String # Strings are enumerable in ruby 1.8
           [response.body]
@@ -117,6 +117,45 @@ def call(env)
 
       protected
 
+      # Build a Rack-compatible response headers hash from Webmachine's response
+      # headers.
+      #
+      # Header names are always lowercased: this is required by Rack 3 and is
+      # harmless for Rack 2 (all Rack 2 handlers match header names
+      # case-insensitively).
+      #
+      # The +set-cookie+ value is formatted differently per Rack version:
+      #
+      # * Rack 3 / Rackup: the value must be an Array. Rackup's WEBrick handler
+      #   deletes the lowercase +set-cookie+ key and calls
+      #   +res.cookies.concat(Array(value))+, emitting one Set-Cookie line per
+      #   cookie. Joining with +\n+ instead would produce a header value
+      #   containing a newline, which WEBrick 1.9+ rejects as
+      #   +WEBrick::HTTPResponse::InvalidHeader+.
+      #
+      # * Rack 2 / Rack::Handler::WEBrick: the handler splits on +\n+ before
+      #   adding cookies (+vs.split("\n")+), so the value must be a newline-joined
+      #   String. Passing an Array causes a +NoMethodError+ because +Array+ does
+      #   not define +#split+.
+      def build_rack_response_headers(response_headers)
+        response_headers.each_with_object({}) do |(key, value), h|
+          rack_key = key.downcase
+          h[rack_key] = if rack_key == 'set-cookie'
+            if rack_v3?
+              # Array lets Rackup emit one Set-Cookie header per cookie.
+              Array(value)
+            else
+              # Rack 2's handler splits on \n; give it a newline-joined String.
+              Array(value).join(NEWLINE)
+            end
+          elsif value.is_a?(Array)
+            value.join(NEWLINE)
+          else
+            value
+          end
+        end
+      end
+
       def routing_tokens(rack_req)
         nil # no-op for default, un-mapped rack adapter
       end
@@ -153,6 +192,10 @@ def initialize(method, uri, headers, body, routing_tokens, base_uri, env)
 
       class RackResponse
         ONE_FIVE = '1.5'.freeze
+        # Header names are normalised to lowercase by build_rack_response_headers,
+        # so use the lowercase form everywhere inside RackResponse too.
+        LOWERCASE_CONTENT_TYPE = 'content-type'.freeze
+
 
         def initialize(body, status, headers)
           @body = body
@@ -161,8 +204,8 @@ def initialize(body, status, headers)
         end
 
         def finish
-          @headers[CONTENT_TYPE] ||= TEXT_HTML if rack_release_enforcing_content_type
-          @headers.delete(CONTENT_TYPE) if response_without_body
+          @headers[LOWERCASE_CONTENT_TYPE] ||= TEXT_HTML if rack_release_enforcing_content_type
+          @headers.delete(LOWERCASE_CONTENT_TYPE) if response_without_body
           [@status, @headers, @body]
         end
 

spec/webmachine/adapters/rack_spec.rb

@@ -22,7 +22,7 @@
     it 'should add Content-Type header on not acceptable response' do
       rack_response = described_class.new(double(:body), 406, {})
       _rack_status, rack_headers, _rack_body = rack_response.finish
-      expect(rack_headers).to have_key('Content-Type')
+      expect(rack_headers).to have_key('content-type')
     end
   end
 
@@ -32,7 +32,7 @@
     it 'should not add Content-Type header on not acceptable response' do
       rack_response = described_class.new(double(:body), 406, {})
       _rack_status, rack_headers, _rack_body = rack_response.finish
-      expect(rack_headers).not_to have_key('Content-Type')
+      expect(rack_headers).not_to have_key('content-type')
     end
   end
 end