Describe the bug
Version: 6.2.7, Spring Boot 3.2.11
Defining a WebFilter bean that mutates HttpHeaders results in HTTP Error 500 after upgrading to Spring Security 6.2.7.
This is most likely due to problem in StrictFirewallHttpHeaders implementation extending HttpHeaders rather than ReadonlyHttpHeaders, causing HttpHeaders.writableHttpHeaders() to incorrectly initialize the headers with readonly headers passed to super() call in StrictFirewallHttpHeaders.
A simple reproducer is shown at https://github.com/ZIRAKrezovic/httpheaders-bug
Simple ./mvnw clean verify will bring the right behavior
Changing version to 6.2.7 or commenting it out in root pom.xml -> <spring-security.version>6.2.6</spring-security.version> causes error in one of the filter chains, more specifically calls to "header" method.
Comment From: ZIRAKrezovic
Duplicate of #15989