From c45a39775e130212dac96d7c26f1f6fabe93be2b Mon Sep 17 00:00:00 2001
From: Alwin Garside <alwin@garsi.de>
Date: Fri, 25 Jul 2025 13:43:52 +0200
Subject: [PATCH] fix: #259 The HTTP Authentication Scheme patterns should be
 case-insensitive

The `basic` and `bearer` authentication scheme
tokens should be considered case-insensitive per
[Section 2.1 of RFC 7235](https://datatracker.ietf.org/doc/html/rfc7235#section-2.1).
---
 src/PSR7/Validators/SecurityValidator.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/PSR7/Validators/SecurityValidator.php b/src/PSR7/Validators/SecurityValidator.php
index e3b9e6fa..f013a450 100755
--- a/src/PSR7/Validators/SecurityValidator.php
+++ b/src/PSR7/Validators/SecurityValidator.php
@@ -26,8 +26,8 @@
 final class SecurityValidator implements MessageValidator
 {
     private const HEADER_AUTHORIZATION = 'Authorization';
-    private const AUTH_PATTERN_BASIC   = '#^Basic #';
-    private const AUTH_PATTERN_BEARER  = '#^Bearer #';
+    private const AUTH_PATTERN_BASIC   = '#^Basic #i';
+    private const AUTH_PATTERN_BEARER  = '#^Bearer #i';
 
     /** @var SpecFinder */
     private $finder;