From dec2f52fa494c5adf8805ec227ed60d911a6fb4a Mon Sep 17 00:00:00 2001
From: Dennis Suratna <dennis.suratna@gmail.com>
Date: Tue, 11 Aug 2015 15:25:38 -0700
Subject: Authorization scheme should be case insensitive. Fixes #21199

---
 actionpack/lib/action_controller/metal/http_authentication.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'actionpack/lib/action_controller/metal/http_authentication.rb')

diff --git a/actionpack/lib/action_controller/metal/http_authentication.rb b/actionpack/lib/action_controller/metal/http_authentication.rb
index 032275ac64..bbb38cf8fc 100644
--- a/actionpack/lib/action_controller/metal/http_authentication.rb
+++ b/actionpack/lib/action_controller/metal/http_authentication.rb
@@ -94,7 +94,7 @@ module ActionController
       end
 
       def has_basic_credentials?(request)
-        request.authorization.present? && (auth_scheme(request) == 'Basic')
+        request.authorization.present? && (auth_scheme(request).downcase == 'basic')
       end
 
       def user_name_and_password(request)
-- 
cgit v1.2.3