Add ASCII sanitization utility for HTTP header compatibility

[rahul-lohra]

Goal

Ensure HTTP headers are ASCII-safe by normalizing and stripping non-ASCII characters to prevent OkHttp header validation issues and align with Chat product behavior.

Implementation

Ensure HTTP headers are ASCII-safe by normalizing and stripping non-ASCII characters to prevent OkHttp header validation issues and align with Chat product behavior.

🎨 UI Changes

None

Testing

Pass special character in appName in StringBuilder and sdk should work as usual

Summary by CodeRabbit

• Bug Fixes
  • Improved header handling with enhanced sanitization to properly process and normalize special characters, ensuring better compatibility across different character encodings and system configurations while maintaining stability.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[github-actions]

PR checklist ✅

All required conditions are satisfied:

• Title length is OK (or ignored by label).
• At least one pr: label exists.
• Sections ### Goal, ### Implementation, and ### Testing are filled.

🎉 Great job! This PR is ready for review.

[coderabbitai]

Walkthrough

The change adds a header sanitization feature to HeadersUtil.kt by introducing a private extension function that normalizes and removes non-ASCII characters from SDK tracking headers using Java's Normalizer class.

Changes

Cohort / File(s)	Summary
Header Sanitization stream-video-android-core/src/main/kotlin/io/getstream/video/android/core/header/HeadersUtil.kt	Added java.text.Normalizer import; introduced private String.sanitize() extension function that normalizes strings and strips non-ASCII characters; modified header construction to apply sanitization to buildSdkTrackingHeaders() result

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 Headers dancing in the stream,
ASCII dreams and sanitized schemes,
Normalizer smooths the way,
Non-ASCII chars fade away! ✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 25.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.
Description check	❓ Inconclusive	The description includes Goal and Implementation sections but lacks Testing details, UI Changes explanation, and incomplete contributor checklist.	Expand the Testing section with specific test cases and expected outcomes. Complete the ☑️Contributor Checklist to indicate which items have been addressed (CLA signed, changelog updated, unit tests added, etc.).

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: adding an ASCII sanitization utility for HTTP headers. It directly matches the PR's core objective of ensuring HTTP header compatibility by normalizing and stripping non-ASCII characters.

✨ Finishing touches

• 📝 Generate docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Fix all issues with AI Agents 🤖

In
@stream-video-android-core/src/main/kotlin/io/getstream/video/android/core/header/HeadersUtil.kt:
- Around line 101-104: The String.sanitize() extension currently compiles the
regex on every call, hurting performance; move the pattern to a precompiled
companion object constant (e.g. private val NON_ASCII_REGEX =
"[^\\p{ASCII}]".toRegex()) and use it in sanitize() instead of creating a new
regex each time, and add a brief KDoc to sanitize() explaining it performs
Unicode normalization (Normalizer.Form.NFD) and strips non-ASCII characters;
reference the sanitize() function and the new companion object constant when
making the change.

📜 Review details

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between b9c9ceb and 0b47acb.

📒 Files selected for processing (1)

• stream-video-android-core/src/main/kotlin/io/getstream/video/android/core/header/HeadersUtil.kt

🧰 Additional context used

📓 Path-based instructions (3)

**/*.{kt,java}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{kt,java}: Use Kotlin with JVM toolchain 17; Java is legacy-only
Use 4-space indentation with no trailing whitespace
Avoid wildcard imports

Files:

• stream-video-android-core/src/main/kotlin/io/getstream/video/android/core/header/HeadersUtil.kt

**/*.{kt,kts}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{kt,kts}: Use PascalCase for types and Composables (e.g., StreamCallActivity, ParticipantGrid)
Use camelCase for functions and values
Use UPPER_SNAKE_CASE for constants only when truly constant
Prefer explicit visibility modifiers; limit internal leakage across modules
Keep critical RTC paths off the main thread; prefer coroutines with structured scopes
Monitor logging verbosity; rely on StreamVideoImpl.developmentMode for guardrails
Use KDoc (/** ... */) for public APIs and complex subsystems; link to Stream docs when relevant
Group large files with // region judiciously; keep commentary purposeful
Sanitize logs to avoid dumping JWTs, ICE tokens, or call IDs in verbose logs
Pause/resume capture on lifecycle changes; ensure background audio routing is intentional
Validate orientation, aspect ratio, and dynascale handling for both portrait/landscape phones and tablets
Keep concurrency deterministic—use structured coroutines and avoid global scope
Ensure cleanup/teardown paths handle cancellation and failure (important for sockets, queues, retries)

Files:

• stream-video-android-core/src/main/kotlin/io/getstream/video/android/core/header/HeadersUtil.kt

**/*.{kt,java,kts,gradle.kts}

📄 CodeRabbit inference engine (AGENTS.md)

Follow Spotless formatting; ensure custom license headers are in spotless/ directory

Files:

• stream-video-android-core/src/main/kotlin/io/getstream/video/android/core/header/HeadersUtil.kt

🧠 Learnings (1)

📚 Learning: 2025-12-19T09:15:37.269Z

Learnt from: CR
Repo: GetStream/stream-video-android PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-19T09:15:37.269Z
Learning: Applies to **/*.{kt,kts} : Sanitize logs to avoid dumping JWTs, ICE tokens, or call IDs in verbose logs

Applied to files:

• stream-video-android-core/src/main/kotlin/io/getstream/video/android/core/header/HeadersUtil.kt

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)

• GitHub Check: Build / compose apks
• GitHub Check: compare-sdk-sizes / Compare SDK sizes
• GitHub Check: base-android-ci / Run unit tests
• GitHub Check: base-android-ci / Build
• GitHub Check: base-android-ci / Run static checks

🔇 Additional comments (2)

stream-video-android-core/src/main/kotlin/io/getstream/video/android/core/header/HeadersUtil.kt (2)

25-25: LGTM - Import is necessary for Unicode normalization.

The import of java.text.Normalizer is required for the ASCII sanitization feature.

---

85-85: LGTM - Sanitization applied at the correct point.

Applying .sanitize() to the fully assembled header string ensures the entire header value is ASCII-safe before being used in HTTP requests.

[github-actions]

SDK Size Comparison 📏

SDK	Before	After	Difference	Status
stream-video-android-core	11.94 MB	11.94 MB	0.00 MB	🟢
stream-video-android-ui-xml	5.68 MB	5.68 MB	0.00 MB	🟢
stream-video-android-ui-compose	6.27 MB	6.27 MB	0.00 MB	🟢

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud