Fix issue with request header casing causing inconsistent behavior between hosting environments

SkyLundy · SkyLundy · commit e9bf18eccd7c · 2025-03-01T14:10:54.000-08:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,13 @@
 # FormBuilder HTMX Changelog
 
+## 1.0.2 2025-03-01
+
+### Bugfixes, recommended for all users
+
+- Change the way request headers are read to make them case-insensitive. Different hosting
+  environments may handle request header casing in different ways which was causing inconsistencies
+  and problems in identifying HTMX FormBuilder requests. 
+
 ## 1.0.1 2024-09-05
 
 ### Bugfixes, new features, recommended for all users
@@ -48,4 +56,4 @@ can be overcome by using FormBuilder HTMX to render all forms.
 
 ### Initial release
 
-- Does what README.md says it does
+- Does what README.md says it does
diff --git a/FormBuilderHtmx.module.php b/FormBuilderHtmx.module.php
@@ -8,8 +8,14 @@ class FormBuilderHtmx extends Wire implements Module
     /**
      * Names of request headers to perist data during per-form request/response
      */
-    private const ID_REQUEST_HEADER = 'Fb-Htmx-Id';
-    private const INDICATOR_REQUEST_HEADER = 'Fb-Htmx-Indicator';
+    private const ID_REQUEST_HEADER = 'fb-htmx-id';
+    private const INDICATOR_REQUEST_HEADER = 'fb-htmx-indicator';
+
+    /**
+     * Memoized parsed request headers
+     * @var array
+     */
+    private array $requestHeaders = [];
 
     /**
      * Holds the markup for a submitted form if it exists
@@ -104,13 +110,11 @@ private function isHtmxRequest(): bool
     {
         $input = wire('input');
 
-        $requestHeaders = getallheaders() + ['Hx-Request' => false, self::ID_REQUEST_HEADER => null];
-
         return $input->requestMethod('post') &&
                $input->_submitKey &&
                $input->_InputfieldForm &&
-               !!$requestHeaders[self::ID_REQUEST_HEADER] &&
-               $requestHeaders['Hx-Request'] === 'true';
+               $this->getHeaderValue(self::ID_REQUEST_HEADER, false) &&
+               $this->getHeaderValue('hx-request', false) === 'true';
     }
 
     /**
@@ -192,7 +196,10 @@ private function addFormBuilderHtmxContainer(string $renderedForm, ?string $id =
      */
     private function htmxFormId(): string
     {
-        return getallheaders()[self::ID_REQUEST_HEADER] ?? 'fb-htmx-' . (new WireRandom)->alphanumeric(10);
+        return $this->getHeaderValue(
+            self::ID_REQUEST_HEADER,
+            'fb-htmx-' . (new WireRandom)->alphanumeric(10)
+        );
     }
 
     /**
@@ -201,6 +208,26 @@ private function htmxFormId(): string
      */
     private function indicatorSelector(?string $indicator = null): ?string
     {
-        return getallheaders()[self::INDICATOR_REQUEST_HEADER] ?? $indicator;
+        return $this->getHeaderValue(self::INDICATOR_REQUEST_HEADER) ?? $indicator;
+    }
+
+    /**
+     * Gets a header by name. Is case insensitive to account for potential differences in
+     * server environments
+     *
+     * @param string $headerName Name of header
+     * @param mixed  $default    Default value if header does not exist
+     */
+    private function getHeaderValue(string $headerName, mixed $default = null): mixed
+    {
+        if (!$this->requestHeaders) {
+            $requestHeaders = getallheaders();
+
+            $this->requestHeaders = array_change_key_case($requestHeaders, CASE_LOWER);
+        }
+
+        $headerName = strtolower($headerName);
+
+        return $this->requestHeaders[$headerName] ?? $default;
     }
 }
diff --git a/README.md b/README.md
@@ -42,11 +42,11 @@ The `Submit` button is automatically disabled on submission to prevent duplicate
 
 FormBuilderHtmx uses FormBuilder's "Option C: Preferred Method" for rendering. Refer to the 'Embed' tab of your Form Setup page for additional details.
 
-`$htmxForms->render()` is a drop-in replacement for the equivalent FormBuilder method. It can be hooked (details below) and accepts its second `$vars` argument. By drop-in replacement, it allows you to continue using the FormBuilder API as you would expect, including the script and CSS utilities.
+`$htmxForms->render()` is a drop-in replacement for the equivalent FormBuilder method. It can be hooked (details below) and accepts its second `$vars` argument. By 'drop-in replacement', it allows you to continue using the FormBuilder API as you would expect, including the scripts and CSS utilities.
 
 ```html
 <!--
-  Keep your workflow, $htmxForms returns the same object as $forms
+  $htmxForms returns the same object as $forms
   The second prefill parameter mirrors FormBuilder, add prefill values as needed
 -->
 $htmxForm = $htmxForms->render('your_form_field', [
@@ -119,8 +119,8 @@ Attempting to add or replace these attributes may lead to issues or cause forms
 
 ## CSRF Protection
 
-**CSRF protection may need to be disabled for forms using HTMX/AJAX**
-Test to ensure that CSRF errors aren't present when submitting your forms. Disable CSRF if issues are experienced.
+**CSRF protection must be disabled for forms using HTMX/AJAX**
+Data that the CSRF feature in FormBuilder is not consistent across AJAX requests and submissions will fail with an error. If you are getting odd results or forms that are not working, check that CSRF is disabled before further troubleshooting.
 
 ## How Does It Work?
 
@@ -148,5 +148,4 @@ $wire->addHookAfter('FormBuilderHtmx::render', function(HookEvent $event) {
 
 ## Nifty Tricks
 
-This module lets you use the same field multiple times on one page. Only one will be submitted and processed.
-
+This module lets you use the same field multiple times on one page. Only one will be submitted and processed.
