http, requests: canonicalize header values at cache Vary comparison
- Headers.mli gets a 'Values are stored verbatim' note explaining
why add/set do not normalise: proxies, replay signers and strict
round-trip callers need the original bytes. Points at
canonicalize_value for anyone comparing values across
implementations.
- Requests.Features.Cache.vary_matches now canonicalises both sides
before equality. Two requests whose Vary-keyed headers differ only
in insignificant whitespace should reuse the same cache entry;
the previous String.equal missed that.
Reviewed other Headers users across the monorepo. Skipped:
- parse_connection_header / TE='trailers' checks already lowercase+trim
on a per-token basis, which is the right rule for comma-delimited
tokens.
- Digest auth parser (WWW-Authenticate) trims outer whitespace then
hands off to a quoted-string-aware parser; collapsing internal
whitespace would mangle realms with significant spaces.
- HTTP/2 HPACK relies on exact-byte matching against the static
table; canonicalising before lookup would break compression.
- RFC 9421 HTTP Message Signatures (features/signature.ml) uses the
value raw and needs its own spec-specific normalisation (strip
leading/trailing only) — separate bug, separate fix.