Add backwards compatibility for Rack 2 and below

Author: fletchto99

lib/secure_headers/middleware.rb

@@ -9,7 +9,12 @@ def initialize(app)
     def call(env)
       req = Rack::Request.new(env)
       status, headers, response = @app.call(env)
-      headers = Rack::Headers[headers]
+
+      # Rack::Headers is available in Rack 3.x and later
+      # So we should pull the headers into that structure if possible
+      if defined?(Rack::Headers)
+        headers = Rack::Headers[headers]
+      end
 
       config = SecureHeaders.config_for(req)
       flag_cookies!(headers, override_secure(env, config.cookies)) unless config.cookies == OPT_OUT

spec/lib/secure_headers/middleware_spec.rb

@@ -36,6 +36,27 @@ module SecureHeaders
       expect(env[ContentSecurityPolicyConfig::HEADER_NAME]).to match("example.org")
     end
 
+    context "Rack::Headers conversion" do
+      it "converts headers to Rack::Headers when Rack::Headers is defined" do
+        if defined?(Rack::Headers)
+          _, headers, = middleware.call(Rack::MockRequest.env_for("https://localhost", {}))
+          expect(headers.is_a?(Rack::Headers)).to be true
+        else
+          skip "Rack::Headers is not defined in this version of Rack"
+        end
+      end
+
+      it "keeps headers as a hash when Rack::Headers is not defined" do
+        # Temporarily hide the Rack::Headers constant if it exists
+        if defined?(Rack::Headers)
+          hide_const("Rack::Headers")
+        end
+
+        _, headers, = middleware.call(Rack::MockRequest.env_for("https://localhost", {}))
+        expect(headers.is_a?(Hash)).to be true
+      end
+    end
+
     context "cookies" do
       before(:each) do
         reset_config