Fix makeCurlHeadersArray: sanitize headers to prevent 400 Bad Request

[simoneaveotti-meyer]

Summary

This patch updates the makeCurlHeadersArray function to sanitize and normalize request headers before sending them via cURL.
The original implementation forwarded all headers, including hop-by-hop/problematic ones (e.g. Content-Length, Connection), which could cause 400 Bad Request errors in some environments.

Changes

• Filter out problematic headers:
  • Content-Length
  • Connection
  • Transfer-Encoding
  • Expect
• Normalize headers by stripping CR/LF and extra whitespace.
• Ensure only valid Name: Value pairs are included.
• Preserve critical headers such as Content-Type: application/json.

Testing

• Verified against environments running:
  • CentOS 7 with cURL 7.29 (NSS)
  • Ubuntu 24.04 with cURL 8.x (OpenSSL)
• Confirmed requests are now accepted by external APIs that require JSON payloads.
• Regression tested with existing REDCap REST calls to ensure no functionality is broken.

Notes

• This fix prevents malformed or duplicate headers from being sent to external APIs.
• No configuration changes required for end users.
• Recommended for inclusion in the next release to ensure wider compatibility across both legacy and modern server environments.