backport: header deepcopy fix (#1110)

jeevatkm · web-flow · commit fb4a091579bd · 2026-01-31T15:43:41.000-08:00
diff --git a/middleware.go b/middleware.go
@@ -244,7 +244,7 @@ func createHTTPRequest(c *Client, r *Request) (err error) {
 	r.RawRequest.Close = c.closeConnection
 
 	// Add headers into http request
-	r.RawRequest.Header = r.Header
+	r.RawRequest.Header = r.Header.Clone()
 
 	// Add cookies from client instance into http request
 	for _, cookie := range c.Cookies {
diff --git a/request_test.go b/request_test.go
@@ -703,7 +703,8 @@ func TestRequestAuthScheme(t *testing.T) {
 
 		assertError(t, err)
 		assertEqual(t, http.StatusOK, resp.StatusCode())
-		assertEqual(t, tokenValue, resp.Request.Header.Get(hdrAuthorizationKey))
+		assertEqual(t, "", resp.Request.Header.Get(hdrAuthorizationKey))
+		assertEqual(t, tokenValue, resp.Request.RawRequest.Header.Get(hdrAuthorizationKey))
 	})
 
 	t.Run("empty auth scheme at request level GH954", func(t *testing.T) {
@@ -720,7 +721,8 @@ func TestRequestAuthScheme(t *testing.T) {
 
 		assertError(t, err)
 		assertEqual(t, http.StatusOK, resp.StatusCode())
-		assertEqual(t, tokenValue, resp.Request.Header.Get(hdrAuthorizationKey))
+		assertEqual(t, "", resp.Request.Header.Get(hdrAuthorizationKey))
+		assertEqual(t, tokenValue, resp.Request.RawRequest.Header.Get(hdrAuthorizationKey))
 	})
 
 	t.Run("only client level auth token GH959", func(t *testing.T) {
@@ -735,7 +737,8 @@ func TestRequestAuthScheme(t *testing.T) {
 
 		assertError(t, err)
 		assertEqual(t, http.StatusOK, resp.StatusCode())
-		assertEqual(t, "Bearer "+tokenValue, resp.Request.Header.Get(hdrAuthorizationKey))
+		assertEqual(t, "", resp.Request.Header.Get(hdrAuthorizationKey))
+		assertEqual(t, "Bearer "+tokenValue, resp.Request.RawRequest.Header.Get(hdrAuthorizationKey))
 	})
 
 }
