According to RFC 2616, Section 4.2 "Message Headers" (https://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.2), HTTP message headers are case-insensitive.
However, getHeader() function at line #1006 in esp/bindings/http/platform/httptransport.cpp is parsing the header using a case-sensitive comparison (strncmp).
This works for clients that send headers in a format expected by ESP, but breaks down when a client sends headers in a different case than expected.
When debugging ESP web services using chrome advanced REST client, it sends authorization token in all lower caps "authorization" header.
ESP fails to recognize this header (because it expects "Authorization" with capital A), and users cannot proceed further, stuck in an authorization loop.