Skip to content

Bug: Fix ContentType header should be Content-Type in auth.ts #1985

New issue
New issue
Open
#1995
Open
Bug: Fix ContentType header should be Content-Type in auth.ts#1985
#1995
Assignees
Nixxx19
@Nixxx19

Description

@Nixxx19
Nixxx19
opened on Feb 16, 2026

What's happening?

The HTTP header name ContentType is invalid. When passed to fetch(), it gets sent as contenttype (lowercase), which is NOT a valid HTTP header name.

Location: packages/cli/src/cli/utils/auth.ts:25

Current Code:

headers: {
  Authorization: `Bearer ${params.apiKey}`,
  ContentType: "application/json",  //  Invalid - sends as "contenttype"
},

Proof it's a bug:

Test results show:

// ContentType sends as "contenttype" (invalid HTTP header)
const h1 = new Headers({ ContentType: 'application/json' });
h1.get('Content-Type');  // Returns: null 

// Content-Type sends correctly
const h2 = new Headers({ 'Content-Type': 'application/json' });
h2.get('Content-Type');  // Returns: 'application/json'

Why it's a real issue:

  • ContentType (camelCase) ≠ "Content-Type" (hyphenated) - they're different keys
  • fetch() sends ContentType as contenttype (lowercase), which is invalid
  • HTTP standard requires Content-Type (hyphenated)
  • Inconsistency: observability.ts:92 correctly uses "Content-Type" (with quotes)
  • Some servers/proxies may reject or ignore the invalid contenttype header

Exact Reproduction Steps

Copy-pasteable commands only:

  1. Verify the bug exists:

    grep -n "ContentType" packages/cli/src/cli/utils/auth.ts
# Should show: 25:            ContentType: "application/json",

  2. Test that it's actually wrong:

    node -e "
const h1 = new Headers({ ContentType: 'application/json' });
const h2 = new Headers({ 'Content-Type': 'application/json' });
console.log('ContentType -> Content-Type:', h1.get('Content-Type')); // null 
console.log('Content-Type -> Content-Type:', h2.get('Content-Type')); // 'application/json' 
"

  3. Compare with correct usage:

    grep -n "Content-Type" packages/cli/src/cli/utils/observability.ts
# Should show: 92:          "Content-Type": "application/json", (correct )

  4. Test actual API call (if you have API key):

    # This may work on lenient servers but fail on strict ones
# The header sent will be 'contenttype' not 'content-type'

Expected

HTTP headers should use the correct format: "Content-Type" (with hyphen and quotes).

Fixed Code:

headers: {
  Authorization: `Bearer ${params.apiKey}`,
  "Content-Type": "application/json",  //  Correct
},

Actual

Currently using ContentType which is not a valid HTTP header name. This may cause:

  • API requests to fail silently
  • Rejection by strict HTTP servers
  • Authentication failures

Proposed Fix

Change line 25 in packages/cli/src/cli/utils/auth.ts:

// Before
ContentType: "application/json",

// After
"Content-Type": "application/json",

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions