case-insensitive header checks for _detect_origin

tests/unit/integration/secrets/test_views.py

@@ -15,6 +15,8 @@
 import pretend
 import pytest
 
+from webob.headers import EnvironHeaders
+
 from warehouse.integrations.secrets import config, utils, views
 
 
@@ -36,7 +38,7 @@ class TestDiscloseToken:
             ),
             (
                 config._github_origin,
-                {
+                {  # Test for case-insensitivity on header names
                     "GitHub-Public-Key-Identifier": "foo",
                     "GitHub-Public-Key-Signature": "bar",
                 },
@@ -69,7 +71,9 @@ def test_disclose_token(
         api_url,
         api_token,
     ):
-        pyramid_request.headers = headers
+        pyramid_request.headers = EnvironHeaders({})
+        for k, v in headers.items():
+            pyramid_request.headers[k] = v
         pyramid_request.body = "[1, 2, 3]"
         pyramid_request.json_body = [1, 2, 3]
         pyramid_request.registry.settings = settings

warehouse/integrations/secrets/views.py

@@ -21,7 +21,7 @@
 
 def _detect_origin(request):
     for origin in config.origins:
-        if origin.headers.issubset(request.headers.keys()):
+        if all([k in request.headers for k in origin.headers]):
             return origin