refactor: http verbs etc (#5248)

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
2023-04-15 15:03:14 +10:00 · 2023-04-15 15:03:14 +10:00 · eaddf11df6
parent d2cdbb23f3
commit eaddf11df6
27 changed files with 335 additions and 315 deletions
--- a/cmd/authelia-gen/cmd_docs_date.go
+++ b/cmd/authelia-gen/cmd_docs_date.go
@ -12,6 +12,7 @@ import (
 	"time"
 	"github.com/spf13/cobra"
 	"github.com/valyala/fasthttp"
 	"gopkg.in/yaml.v3"
 )
@ -24,7 +25,7 @@ func newDocsDateCmd() *cobra.Command {
 		DisableAutoGenTag: true,
 	}
-	cmd.Flags().String("commit-until", "HEAD", "The commit to check the logs until")
+	cmd.Flags().String("commit-until", fasthttp.MethodHead, "The commit to check the logs until")
 	cmd.Flags().String("commit-since", "", "The commit to check the logs since")
 	return cmd
--- a/internal/authorization/authorizer_test.go
+++ b/internal/authorization/authorizer_test.go
@ -9,6 +9,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"github.com/stretchr/testify/suite"
 	"github.com/valyala/fasthttp"
 	"github.com/authelia/authelia/v4/internal/configuration/schema"
 )
@ -113,20 +114,20 @@ func (s *AuthorizerSuite) TestShouldCheckDefaultBypassConfig() {
 	tester := NewAuthorizerBuilder().
 		WithDefaultPolicy(bypass).Build()
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example.com/", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example.com/", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), UserWithoutGroups, "https://public.example.com/", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), UserWithoutGroups, "https://public.example.com/", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), UserWithoutGroups, "https://public.example.com/elsewhere", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), UserWithoutGroups, "https://public.example.com/elsewhere", fasthttp.MethodGet, Bypass)
 }
 func (s *AuthorizerSuite) TestShouldCheckDefaultDeniedConfig() {
 	tester := NewAuthorizerBuilder().
 		WithDefaultPolicy(deny).Build()
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example.com/", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example.com/", fasthttp.MethodGet, Denied)
-	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/", fasthttp.MethodGet, Denied)
-	tester.CheckAuthorizations(s.T(), UserWithoutGroups, "https://public.example.com/", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), UserWithoutGroups, "https://public.example.com/", fasthttp.MethodGet, Denied)
-	tester.CheckAuthorizations(s.T(), UserWithoutGroups, "https://public.example.com/elsewhere", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), UserWithoutGroups, "https://public.example.com/elsewhere", fasthttp.MethodGet, Denied)
 }
 func (s *AuthorizerSuite) TestShouldCheckMultiDomainRule() {
@ -138,12 +139,12 @@ func (s *AuthorizerSuite) TestShouldCheckMultiDomainRule() {
 		}).
 		Build()
-	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://private.example.com/", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://private.example.com/", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/elsewhere", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/elsewhere", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://example.com/", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://example.com/", fasthttp.MethodGet, Denied)
-	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com.c/", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com.c/", fasthttp.MethodGet, Denied)
-	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.co/", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.co/", fasthttp.MethodGet, Denied)
 }
 func (s *AuthorizerSuite) TestShouldCheckDynamicDomainRules() {
@ -159,10 +160,10 @@ func (s *AuthorizerSuite) TestShouldCheckDynamicDomainRules() {
 		}).
 		Build()
-	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://john.example.com/", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://john.example.com/", fasthttp.MethodGet, OneFactor)
-	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://dev.example.com/", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://dev.example.com/", fasthttp.MethodGet, OneFactor)
-	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://admins.example.com/", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://admins.example.com/", fasthttp.MethodGet, OneFactor)
-	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://othergroup.example.com/", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://othergroup.example.com/", fasthttp.MethodGet, Denied)
 }
 func (s *AuthorizerSuite) TestShouldCheckMultipleDomainRule() {
@ -174,15 +175,15 @@ func (s *AuthorizerSuite) TestShouldCheckMultipleDomainRule() {
 		}).
 		Build()
-	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://private.example.com/", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://private.example.com/", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/elsewhere", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/elsewhere", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://example.com/", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://example.com/", fasthttp.MethodGet, Denied)
-	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com.c/", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com.c/", fasthttp.MethodGet, Denied)
-	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.co/", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.co/", fasthttp.MethodGet, Denied)
-	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://other.com/", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://other.com/", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://other.com/elsewhere", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://other.com/elsewhere", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://private.other.com/", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://private.other.com/", fasthttp.MethodGet, Denied)
 }
 func (s *AuthorizerSuite) TestShouldCheckFactorsPolicy() {
@ -202,10 +203,10 @@ func (s *AuthorizerSuite) TestShouldCheckFactorsPolicy() {
 		}).
 		Build()
-	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://public.example.com/", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://protected.example.com/", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://protected.example.com/", fasthttp.MethodGet, TwoFactor)
-	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://single.example.com/", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://single.example.com/", fasthttp.MethodGet, OneFactor)
-	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://example.com/", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), UserWithGroups, "https://example.com/", fasthttp.MethodGet, Denied)
 }
 func (s *AuthorizerSuite) TestShouldCheckQueryPolicy() {
@ -326,7 +327,7 @@ func (s *AuthorizerSuite) TestShouldCheckQueryPolicy() {
 	for _, tc := range testCases {
 		s.T().Run(tc.name, func(t *testing.T) {
-			tester.CheckAuthorizations(t, UserWithGroups, tc.requestURL, "GET", tc.expected)
+			tester.CheckAuthorizations(t, UserWithGroups, tc.requestURL, fasthttp.MethodGet, tc.expected)
 		})
 	}
 }
@ -349,9 +350,9 @@ func (s *AuthorizerSuite) TestShouldCheckRulePrecedence() {
 		}).
 		Build()
-	tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", fasthttp.MethodGet, OneFactor)
-	tester.CheckAuthorizations(s.T(), John, "https://public.example.com/", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://public.example.com/", fasthttp.MethodGet, TwoFactor)
 }
 func (s *AuthorizerSuite) TestShouldCheckDomainMatching() {
@ -379,23 +380,23 @@ func (s *AuthorizerSuite) TestShouldCheckDomainMatching() {
 		}).
 		Build()
-	tester.CheckAuthorizations(s.T(), John, "https://public.example.com", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), John, "https://public.example.com", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), John, "https://public.example.com:8080/", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), John, "https://public.example.com:8080/", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), Bob, "https://public.example.com", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), Bob, "https://public.example.com", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), Bob, "https://public.example.com:8080", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), Bob, "https://public.example.com:8080", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example.com", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example.com", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), John, "https://one-factor.example.com", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://one-factor.example.com", fasthttp.MethodGet, OneFactor)
-	tester.CheckAuthorizations(s.T(), Bob, "https://one-factor.example.com", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), Bob, "https://one-factor.example.com", fasthttp.MethodGet, OneFactor)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one-factor.example.com", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one-factor.example.com", fasthttp.MethodGet, OneFactor)
-	tester.CheckAuthorizations(s.T(), John, "https://two-factor.example.com", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://two-factor.example.com", fasthttp.MethodGet, TwoFactor)
-	tester.CheckAuthorizations(s.T(), Bob, "https://two-factor.example.com", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), Bob, "https://two-factor.example.com", fasthttp.MethodGet, TwoFactor)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://two-factor.example.com", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://two-factor.example.com", fasthttp.MethodGet, TwoFactor)
-	tester.CheckAuthorizations(s.T(), John, "https://x.example.com", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://x.example.com", fasthttp.MethodGet, OneFactor)
-	tester.CheckAuthorizations(s.T(), Bob, "https://x.example.com", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), Bob, "https://x.example.com", fasthttp.MethodGet, TwoFactor)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://x.example.com", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://x.example.com", fasthttp.MethodGet, OneFactor)
 	s.Require().Len(tester.rules, 5)
@ -487,12 +488,12 @@ func (s *AuthorizerSuite) TestShouldCheckDomainRegexMatching() {
 		}).
 		Build()
-	tester.CheckAuthorizations(s.T(), John, "https://john.regex.com", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://john.regex.com", fasthttp.MethodGet, OneFactor)
-	tester.CheckAuthorizations(s.T(), Bob, "https://john.regex.com", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), Bob, "https://john.regex.com", fasthttp.MethodGet, Denied)
-	tester.CheckAuthorizations(s.T(), Bob, "https://public.example.com", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), Bob, "https://public.example.com", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example2.com", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example2.com", fasthttp.MethodGet, OneFactor)
-	tester.CheckAuthorizations(s.T(), John, "https://group-dev.regex.com", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://group-dev.regex.com", fasthttp.MethodGet, TwoFactor)
-	tester.CheckAuthorizations(s.T(), Bob, "https://group-dev.regex.com", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), Bob, "https://group-dev.regex.com", fasthttp.MethodGet, Denied)
 	s.Require().Len(tester.rules, 5)
@ -564,43 +565,43 @@ func (s *AuthorizerSuite) TestShouldCheckResourceSubjectMatching() {
 		Build()
 	// Accessing the unprotected root.
-	tester.CheckAuthorizations(s.T(), John, "https://id.example.com", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), John, "https://id.example.com", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com", fasthttp.MethodGet, Bypass)
 	// Accessing Personal page.
-	tester.CheckAuthorizations(s.T(), John, "https://id.example.com/john/personal", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://id.example.com/john/personal", fasthttp.MethodGet, OneFactor)
-	tester.CheckAuthorizations(s.T(), John, "https://id.example.com/John/personal", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://id.example.com/John/personal", fasthttp.MethodGet, OneFactor)
-	tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/bob/personal", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/bob/personal", fasthttp.MethodGet, OneFactor)
-	tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/Bob/personal", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/Bob/personal", fasthttp.MethodGet, OneFactor)
 	// Accessing an invalid users Personal page.
-	tester.CheckAuthorizations(s.T(), John, "https://id.example.com/invaliduser/personal", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), John, "https://id.example.com/invaliduser/personal", fasthttp.MethodGet, Denied)
-	tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/invaliduser/personal", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/invaliduser/personal", fasthttp.MethodGet, Denied)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/invaliduser/personal", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/invaliduser/personal", fasthttp.MethodGet, OneFactor)
 	// Accessing another users Personal page.
-	tester.CheckAuthorizations(s.T(), John, "https://id.example.com/bob/personal", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), John, "https://id.example.com/bob/personal", fasthttp.MethodGet, Denied)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/bob/personal", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/bob/personal", fasthttp.MethodGet, OneFactor)
-	tester.CheckAuthorizations(s.T(), John, "https://id.example.com/Bob/personal", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), John, "https://id.example.com/Bob/personal", fasthttp.MethodGet, Denied)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/Bob/personal", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/Bob/personal", fasthttp.MethodGet, OneFactor)
-	tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/john/personal", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/john/personal", fasthttp.MethodGet, Denied)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/john/personal", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/john/personal", fasthttp.MethodGet, OneFactor)
-	tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/John/personal", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/John/personal", fasthttp.MethodGet, Denied)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/John/personal", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/John/personal", fasthttp.MethodGet, OneFactor)
 	// Accessing a Group page.
-	tester.CheckAuthorizations(s.T(), John, "https://id.example.com/dev/group", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://id.example.com/dev/group", fasthttp.MethodGet, OneFactor)
-	tester.CheckAuthorizations(s.T(), John, "https://id.example.com/admins/group", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://id.example.com/admins/group", fasthttp.MethodGet, OneFactor)
-	tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/dev/group", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/dev/group", fasthttp.MethodGet, Denied)
-	tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/admins/group", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/admins/group", fasthttp.MethodGet, Denied)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/dev/group", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/dev/group", fasthttp.MethodGet, OneFactor)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/admins/group", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/admins/group", fasthttp.MethodGet, OneFactor)
 	// Accessing an invalid group's Group page.
-	tester.CheckAuthorizations(s.T(), John, "https://id.example.com/invalidgroup/group", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), John, "https://id.example.com/invalidgroup/group", fasthttp.MethodGet, Denied)
-	tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/invalidgroup/group", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), Bob, "https://id.example.com/invalidgroup/group", fasthttp.MethodGet, Denied)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/invalidgroup/group", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://id.example.com/invalidgroup/group", fasthttp.MethodGet, OneFactor)
 	s.Require().Len(tester.rules, 3)
@ -635,8 +636,8 @@ func (s *AuthorizerSuite) TestShouldCheckUserMatching() {
 		}).
 		Build()
-	tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", fasthttp.MethodGet, OneFactor)
-	tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", fasthttp.MethodGet, Denied)
 }
 func (s *AuthorizerSuite) TestShouldCheckGroupMatching() {
@ -649,8 +650,8 @@ func (s *AuthorizerSuite) TestShouldCheckGroupMatching() {
 		}).
 		Build()
-	tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", fasthttp.MethodGet, OneFactor)
-	tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", fasthttp.MethodGet, Denied)
 }
 func (s *AuthorizerSuite) TestShouldCheckSubjectsMatching() {
@ -663,10 +664,10 @@ func (s *AuthorizerSuite) TestShouldCheckSubjectsMatching() {
 		}).
 		Build()
-	tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", fasthttp.MethodGet, OneFactor)
-	tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", fasthttp.MethodGet, OneFactor)
-	tester.CheckAuthorizations(s.T(), Sam, "https://protected.example.com/", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), Sam, "https://protected.example.com/", fasthttp.MethodGet, Denied)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", fasthttp.MethodGet, OneFactor)
 }
 func (s *AuthorizerSuite) TestShouldCheckMultipleSubjectsMatching() {
@ -679,9 +680,9 @@ func (s *AuthorizerSuite) TestShouldCheckMultipleSubjectsMatching() {
 		}).
 		Build()
-	tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", fasthttp.MethodGet, OneFactor)
-	tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", fasthttp.MethodGet, Denied)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", fasthttp.MethodGet, OneFactor)
 }
 func (s *AuthorizerSuite) TestShouldCheckIPMatching() {
@ -714,18 +715,18 @@ func (s *AuthorizerSuite) TestShouldCheckIPMatching() {
 		}).
 		Build()
-	tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", fasthttp.MethodGet, OneFactor)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", fasthttp.MethodGet, Denied)
-	tester.CheckAuthorizations(s.T(), John, "https://net.example.com/", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://net.example.com/", fasthttp.MethodGet, TwoFactor)
-	tester.CheckAuthorizations(s.T(), Bob, "https://net.example.com/", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), Bob, "https://net.example.com/", fasthttp.MethodGet, TwoFactor)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://net.example.com/", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://net.example.com/", fasthttp.MethodGet, Denied)
-	tester.CheckAuthorizations(s.T(), Sally, "https://ipv6-alt.example.com/", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), Sally, "https://ipv6-alt.example.com/", fasthttp.MethodGet, Denied)
-	tester.CheckAuthorizations(s.T(), Sam, "https://ipv6-alt.example.com/", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), Sam, "https://ipv6-alt.example.com/", fasthttp.MethodGet, TwoFactor)
-	tester.CheckAuthorizations(s.T(), Sally, "https://ipv6.example.com/", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), Sally, "https://ipv6.example.com/", fasthttp.MethodGet, TwoFactor)
-	tester.CheckAuthorizations(s.T(), Sam, "https://ipv6.example.com/", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), Sam, "https://ipv6.example.com/", fasthttp.MethodGet, TwoFactor)
 }
 func (s *AuthorizerSuite) TestShouldCheckMethodMatching() {
@ -734,31 +735,31 @@ func (s *AuthorizerSuite) TestShouldCheckMethodMatching() {
 		WithRule(schema.ACLRule{
 			Domains: []string{"protected.example.com"},
 			Policy:  bypass,
-			Methods: []string{"OPTIONS", "HEAD", "GET", "CONNECT", "TRACE"},
+			Methods: []string{fasthttp.MethodOptions, fasthttp.MethodHead, fasthttp.MethodGet, fasthttp.MethodConnect, fasthttp.MethodTrace},
 		}).
 		WithRule(schema.ACLRule{
 			Domains: []string{"protected.example.com"},
 			Policy:  oneFactor,
-			Methods: []string{"PUT", "PATCH", "POST"},
+			Methods: []string{fasthttp.MethodPut, fasthttp.MethodPatch, fasthttp.MethodPost},
 		}).
 		WithRule(schema.ACLRule{
 			Domains: []string{"protected.example.com"},
 			Policy:  twoFactor,
-			Methods: []string{"DELETE"},
+			Methods: []string{fasthttp.MethodDelete},
 		}).
 		Build()
-	tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", "OPTIONS", Bypass)
+	tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", fasthttp.MethodOptions, Bypass)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", "HEAD", Bypass)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", fasthttp.MethodHead, Bypass)
-	tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", "CONNECT", Bypass)
+	tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", fasthttp.MethodConnect, Bypass)
-	tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", "TRACE", Bypass)
+	tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", fasthttp.MethodTrace, Bypass)
-	tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", "PUT", OneFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://protected.example.com/", fasthttp.MethodPut, OneFactor)
-	tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", "PATCH", OneFactor)
+	tester.CheckAuthorizations(s.T(), Bob, "https://protected.example.com/", fasthttp.MethodPatch, OneFactor)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", "POST", OneFactor)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", fasthttp.MethodPost, OneFactor)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", "DELETE", TwoFactor)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://protected.example.com/", fasthttp.MethodDelete, TwoFactor)
 }
 func (s *AuthorizerSuite) TestShouldCheckResourceMatching() {
@ -799,34 +800,34 @@ func (s *AuthorizerSuite) TestShouldCheckResourceMatching() {
 		}).
 		Build()
-	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/abc", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/abc", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/one_factor/abc", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/one_factor/abc", fasthttp.MethodGet, OneFactor)
-	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/xyz/embedded/abc", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/xyz/embedded/abc", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/a/longer/rule/abc", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/a/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
-	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/case/abc", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/case/abc", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/case/ABC", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/case/ABC", fasthttp.MethodGet, Denied)
-	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/an/exact/path/", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/an/exact/path/", fasthttp.MethodGet, TwoFactor)
-	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/../a/longer/rule/abc", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/../a/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
-	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/..//a/longer/rule/abc", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/..//a/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
-	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/..%2f/a/longer/rule/abc", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/..%2f/a/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
-	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/..%2fa/longer/rule/abc", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/..%2fa/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
-	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/..%2F/a/longer/rule/abc", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/..%2F/a/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
-	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/..%2Fa/longer/rule/abc", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/..%2Fa/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
-	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e/a/longer/rule/abc", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e/a/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
-	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e//a/longer/rule/abc", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e//a/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
-	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e%2f/a/longer/rule/abc", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e%2f/a/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
-	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e%2fa/longer/rule/abc", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e%2fa/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
-	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e%2F/a/longer/rule/abc", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e%2F/a/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
-	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e%2Fa/longer/rule/abc", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2e%2e%2Fa/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
-	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E/a/longer/rule/abc", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E/a/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
-	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E//a/longer/rule/abc", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E//a/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
-	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E%2f/a/longer/rule/abc", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E%2f/a/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
-	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E%2fa/longer/rule/abc", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E%2fa/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
-	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E%2F/a/longer/rule/abc", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E%2F/a/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
-	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E%2Fa/longer/rule/abc", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E%2Fa/longer/rule/abc", fasthttp.MethodGet, TwoFactor)
-	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E%2Fan/exact/path/", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://resource.example.com/bypass/%2E%2E%2Fan/exact/path/", fasthttp.MethodGet, TwoFactor)
 }
 // This test assures that rules without domains (not allowed by schema validator at this time) will pass validation correctly.
@ -834,33 +835,33 @@ func (s *AuthorizerSuite) TestShouldMatchAnyDomainIfBlank() {
 	tester := NewAuthorizerBuilder().
 		WithRule(schema.ACLRule{
 			Policy:  bypass,
-			Methods: []string{"OPTIONS", "HEAD", "GET", "CONNECT", "TRACE"},
+			Methods: []string{fasthttp.MethodOptions, fasthttp.MethodHead, fasthttp.MethodGet, fasthttp.MethodConnect, fasthttp.MethodTrace},
 		}).
 		WithRule(schema.ACLRule{
 			Policy:  oneFactor,
-			Methods: []string{"PUT", "PATCH"},
+			Methods: []string{fasthttp.MethodPut, fasthttp.MethodPatch},
 		}).
 		WithRule(schema.ACLRule{
 			Policy:  twoFactor,
-			Methods: []string{"DELETE"},
+			Methods: []string{fasthttp.MethodDelete},
 		}).
 		Build()
-	tester.CheckAuthorizations(s.T(), John, "https://one.domain-four.com", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), John, "https://one.domain-four.com", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-three.com", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-three.com", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-two.com", "OPTIONS", Bypass)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-two.com", fasthttp.MethodOptions, Bypass)
-	tester.CheckAuthorizations(s.T(), John, "https://one.domain-four.com", "PUT", OneFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://one.domain-four.com", fasthttp.MethodPut, OneFactor)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-three.com", "PATCH", OneFactor)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-three.com", fasthttp.MethodPatch, OneFactor)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-two.com", "PUT", OneFactor)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-two.com", fasthttp.MethodPut, OneFactor)
-	tester.CheckAuthorizations(s.T(), John, "https://one.domain-four.com", "DELETE", TwoFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://one.domain-four.com", fasthttp.MethodDelete, TwoFactor)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-three.com", "DELETE", TwoFactor)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-three.com", fasthttp.MethodDelete, TwoFactor)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-two.com", "DELETE", TwoFactor)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-two.com", fasthttp.MethodDelete, TwoFactor)
-	tester.CheckAuthorizations(s.T(), John, "https://one.domain-four.com", "POST", Denied)
+	tester.CheckAuthorizations(s.T(), John, "https://one.domain-four.com", fasthttp.MethodPost, Denied)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-three.com", "POST", Denied)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-three.com", fasthttp.MethodPost, Denied)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-two.com", "POST", Denied)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://one.domain-two.com", fasthttp.MethodPost, Denied)
 }
 func (s *AuthorizerSuite) TestShouldMatchResourceWithSubjectRules() {
@ -911,29 +912,29 @@ func (s *AuthorizerSuite) TestShouldMatchResourceWithSubjectRules() {
 		}).
 		Build()
-	tester.CheckAuthorizations(s.T(), John, "https://public.example.com", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), John, "https://public.example.com", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), Bob, "https://public.example.com", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), Bob, "https://public.example.com", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example.com", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example.com", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), John, "https://public.example.com/admin/index.html", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://public.example.com/admin/index.html", fasthttp.MethodGet, OneFactor)
-	tester.CheckAuthorizations(s.T(), Bob, "https://public.example.com/admin/index.html", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), Bob, "https://public.example.com/admin/index.html", fasthttp.MethodGet, Denied)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example.com/admin/index.html", "GET", OneFactor)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public.example.com/admin/index.html", fasthttp.MethodGet, OneFactor)
-	tester.CheckAuthorizations(s.T(), John, "https://public2.example.com", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), John, "https://public2.example.com", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), Bob, "https://public2.example.com", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), Bob, "https://public2.example.com", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public2.example.com", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public2.example.com", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), John, "https://public2.example.com/admin/index.html", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), John, "https://public2.example.com/admin/index.html", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), Bob, "https://public2.example.com/admin/index.html", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), Bob, "https://public2.example.com/admin/index.html", fasthttp.MethodGet, Denied)
 	// This test returns this result since we validate the schema instead of validating it in code.
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public2.example.com/admin/index.html", "GET", Bypass)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://public2.example.com/admin/index.html", fasthttp.MethodGet, Bypass)
-	tester.CheckAuthorizations(s.T(), John, "https://private.example.com", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), John, "https://private.example.com", fasthttp.MethodGet, TwoFactor)
-	tester.CheckAuthorizations(s.T(), Bob, "https://private.example.com", "GET", Denied)
+	tester.CheckAuthorizations(s.T(), Bob, "https://private.example.com", fasthttp.MethodGet, Denied)
-	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://private.example.com", "GET", TwoFactor)
+	tester.CheckAuthorizations(s.T(), AnonymousUser, "https://private.example.com", fasthttp.MethodGet, TwoFactor)
-	results := tester.GetRuleMatchResults(John, "https://private.example.com", "GET")
+	results := tester.GetRuleMatchResults(John, "https://private.example.com", fasthttp.MethodGet)
 	s.Require().Len(results, 7)
--- a/internal/authorization/types_test.go
+++ b/internal/authorization/types_test.go
@ -6,6 +6,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"github.com/valyala/fasthttp"
 )
 func TestShouldAppendQueryParamToURL(t *testing.T) {
@ -13,12 +14,12 @@ func TestShouldAppendQueryParamToURL(t *testing.T) {
 	require.NoError(t, err)
-	object := NewObject(targetURL, "GET")
+	object := NewObject(targetURL, fasthttp.MethodGet)
 	assert.Equal(t, "https", object.URL.Scheme)
 	assert.Equal(t, "domain.example.com", object.Domain)
 	assert.Equal(t, "/api?type=none", object.Path)
-	assert.Equal(t, "GET", object.Method)
+	assert.Equal(t, fasthttp.MethodGet, object.Method)
 }
 func TestShouldCreateNewObjectFromRaw(t *testing.T) {
@ -26,13 +27,13 @@ func TestShouldCreateNewObjectFromRaw(t *testing.T) {
 	require.NoError(t, err)
-	object := NewObjectRaw(targetURL, []byte("GET"))
+	object := NewObjectRaw(targetURL, []byte(fasthttp.MethodGet))
 	assert.Equal(t, "https", object.URL.Scheme)
 	assert.Equal(t, "domain.example.com", object.Domain)
 	assert.Equal(t, "/api", object.URL.Path)
 	assert.Equal(t, "/api", object.Path)
-	assert.Equal(t, "GET", object.Method)
+	assert.Equal(t, fasthttp.MethodGet, object.Method)
 }
 func TestShouldCleanURL(t *testing.T) {
@ -43,14 +44,14 @@ func TestShouldCleanURL(t *testing.T) {
 		expectedScheme, expectedDomain, expectedPath, expectedPathClean string
 	}{
-		{"https://a.com", "/a/../t", "GET", "https", "a.com", "/a/../t", "/t"},
+		{"https://a.com", "/a/../t", fasthttp.MethodGet, "https", "a.com", "/a/../t", "/t"},
-		{"https://a.com", "/a/..%2f/t", "GET", "https", "a.com", "/a/..//t", "/t"},
+		{"https://a.com", "/a/..%2f/t", fasthttp.MethodGet, "https", "a.com", "/a/..//t", "/t"},
-		{"https://a.com", "/a/..%2ft", "GET", "https", "a.com", "/a/../t", "/t"},
+		{"https://a.com", "/a/..%2ft", fasthttp.MethodGet, "https", "a.com", "/a/../t", "/t"},
-		{"https://a.com", "/a/..%2F/t", "GET", "https", "a.com", "/a/..//t", "/t"},
+		{"https://a.com", "/a/..%2F/t", fasthttp.MethodGet, "https", "a.com", "/a/..//t", "/t"},
-		{"https://a.com", "/a/..%2Ft", "GET", "https", "a.com", "/a/../t", "/t"},
+		{"https://a.com", "/a/..%2Ft", fasthttp.MethodGet, "https", "a.com", "/a/../t", "/t"},
-		{"https://a.com", "/a/..%2Ft", "GET", "https", "a.com", "/a/../t", "/t"},
+		{"https://a.com", "/a/..%2Ft", fasthttp.MethodGet, "https", "a.com", "/a/../t", "/t"},
-		{"https://a.com", "/a/%2F..%2Ft", "GET", "https", "a.com", "/a//../t", "/t"},
+		{"https://a.com", "/a/%2F..%2Ft", fasthttp.MethodGet, "https", "a.com", "/a//../t", "/t"},
-		{"https://a.com", "/a/%2F%2e%2e%2Ft", "GET", "https", "a.com", "/a//../t", "/t"},
+		{"https://a.com", "/a/%2F%2e%2e%2Ft", fasthttp.MethodGet, "https", "a.com", "/a//../t", "/t"},
 	}
 	for _, tc := range testCases {
--- a/internal/commands/acl.go
+++ b/internal/commands/acl.go
@ -8,6 +8,7 @@ import (
 	"strings"
 	"github.com/spf13/cobra"
 	"github.com/valyala/fasthttp"
 	"github.com/authelia/authelia/v4/internal/authorization"
 	"github.com/authelia/authelia/v4/internal/configuration/validator"
@ -45,7 +46,7 @@ func newAccessControlCheckCommand(ctx *CmdCtx) (cmd *cobra.Command) {
 	}
 	cmd.Flags().String("url", "", "the url of the object")
-	cmd.Flags().String("method", "GET", "the HTTP method of the object")
+	cmd.Flags().String("method", fasthttp.MethodGet, "the HTTP method of the object")
 	cmd.Flags().String("username", "", "the username of the subject")
 	cmd.Flags().StringSlice("groups", nil, "the groups of the subject")
 	cmd.Flags().String("ip", "", "the ip of the subject")
--- a/internal/configuration/validator/access_control_test.go
+++ b/internal/configuration/validator/access_control_test.go
@ -7,6 +7,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/suite"
 	"github.com/valyala/fasthttp"
 	"github.com/authelia/authelia/v4/internal/configuration/schema"
 )
@ -185,7 +186,7 @@ func (suite *AccessControl) TestShouldRaiseErrorInvalidMethod() {
 		{
 			Domains: []string{"public.example.com"},
 			Policy:  "bypass",
-			Methods: []string{"GET", "HOP"},
+			Methods: []string{fasthttp.MethodGet, "HOP"},
 		},
 	}
@ -202,7 +203,7 @@ func (suite *AccessControl) TestShouldRaiseErrorDuplicateMethod() {
 		{
 			Domains: []string{"public.example.com"},
 			Policy:  "bypass",
-			Methods: []string{"GET", "GET"},
+			Methods: []string{fasthttp.MethodGet, fasthttp.MethodGet},
 		},
 	}
--- a/internal/configuration/validator/const.go
+++ b/internal/configuration/validator/const.go
@ -4,6 +4,7 @@ import (
 	"regexp"
 	"github.com/go-webauthn/webauthn/protocol"
 	"github.com/valyala/fasthttp"
 	"github.com/authelia/authelia/v4/internal/configuration/schema"
 	"github.com/authelia/authelia/v4/internal/oidc"
@ -380,7 +381,7 @@ var (
 	validLogLevels                           = []string{"trace", "debug", "info", "warn", "error"}
 	validWebAuthnConveyancePreferences       = []string{string(protocol.PreferNoAttestation), string(protocol.PreferIndirectAttestation), string(protocol.PreferDirectAttestation)}
 	validWebAuthnUserVerificationRequirement = []string{string(protocol.VerificationDiscouraged), string(protocol.VerificationPreferred), string(protocol.VerificationRequired)}
-	validRFC7231HTTPMethodVerbs              = []string{"GET", "HEAD", "POST", "PUT", "PATCH", "DELETE", "TRACE", "CONNECT", "OPTIONS"}
+	validRFC7231HTTPMethodVerbs              = []string{fasthttp.MethodGet, fasthttp.MethodHead, fasthttp.MethodPost, fasthttp.MethodPut, fasthttp.MethodPatch, fasthttp.MethodDelete, fasthttp.MethodTrace, fasthttp.MethodConnect, fasthttp.MethodOptions}
 	validRFC4918HTTPMethodVerbs              = []string{"COPY", "LOCK", "MKCOL", "MOVE", "PROPFIND", "PROPPATCH", "UNLOCK"}
 )
--- a/internal/duo/duo.go
+++ b/internal/duo/duo.go
@ -5,6 +5,7 @@ import (
 	"net/url"
 	duoapi "github.com/duosecurity/duo_api_golang"
 	"github.com/valyala/fasthttp"
 	"github.com/authelia/authelia/v4/internal/middlewares"
 	"github.com/authelia/authelia/v4/internal/session"
@ -47,7 +48,7 @@ func (d *APIImpl) Call(ctx *middlewares.AutheliaCtx, userSession *session.UserSe
 func (d *APIImpl) PreAuthCall(ctx *middlewares.AutheliaCtx, userSession *session.UserSession, values url.Values) (*PreAuthResponse, error) {
 	var preAuthResponse PreAuthResponse
-	response, err := d.Call(ctx, userSession, values, "POST", "/auth/v2/preauth")
+	response, err := d.Call(ctx, userSession, values, fasthttp.MethodPost, "/auth/v2/preauth")
 	if err != nil {
 		return nil, err
 	}
@ -64,7 +65,7 @@ func (d *APIImpl) PreAuthCall(ctx *middlewares.AutheliaCtx, userSession *session
 func (d *APIImpl) AuthCall(ctx *middlewares.AutheliaCtx, userSession *session.UserSession, values url.Values) (*AuthResponse, error) {
 	var authResponse AuthResponse
-	response, err := d.Call(ctx, userSession, values, "POST", "/auth/v2/auth")
+	response, err := d.Call(ctx, userSession, values, fasthttp.MethodPost, "/auth/v2/auth")
 	if err != nil {
 		return nil, err
 	}
--- a/internal/handlers/handler_authz_impl_legacy_test.go
+++ b/internal/handlers/handler_authz_impl_legacy_test.go
@ -477,7 +477,7 @@ func (s *LegacyAuthzSuite) TestShouldHandleLegacyBasicAuth() { // TestShouldVeri
 	s.ConfigureMockSessionProviderWithAutomaticAutheliaURLs(mock)
 	mock.Ctx.QueryArgs().Add("auth", "basic")
-	mock.Ctx.Request.Header.Set("Authorization", "Basic am9objpwYXNzd29yZA==")
+	mock.Ctx.Request.Header.Set(fasthttp.HeaderAuthorization, "Basic am9objpwYXNzd29yZA==")
 	mock.Ctx.Request.Header.Set("X-Original-URL", "https://one-factor.example.com")
 	gomock.InOrder(
@ -510,19 +510,19 @@ func (s *LegacyAuthzSuite) TestShouldHandleLegacyBasicAuthFailures() {
 		{
 			"HeaderEmpty", // TestShouldVerifyAuthBasicArgFailingEmptyHeader.
 			func(mock *mocks.MockAutheliaCtx) {
-				mock.Ctx.Request.Header.Set("Authorization", "")
+				mock.Ctx.Request.Header.Set(fasthttp.HeaderAuthorization, "")
 			},
 		},
 		{
 			"HeaderIncorrect", // TestShouldVerifyAuthBasicArgFailingWrongHeader.
 			func(mock *mocks.MockAutheliaCtx) {
-				mock.Ctx.Request.Header.Set("Proxy-Authorization", "Basic am9objpwYXNzd29yZA==")
+				mock.Ctx.Request.Header.Set(fasthttp.HeaderProxyAuthorization, "Basic am9objpwYXNzd29yZA==")
 			},
 		},
 		{
 			"IncorrectPassword", // TestShouldVerifyAuthBasicArgFailingWrongPassword.
 			func(mock *mocks.MockAutheliaCtx) {
-				mock.Ctx.Request.Header.Set("Authorization", "Basic am9objpwYXNzd29yZA==")
+				mock.Ctx.Request.Header.Set(fasthttp.HeaderAuthorization, "Basic am9objpwYXNzd29yZA==")
 				mock.UserProviderMock.EXPECT().
 					CheckUserPassword(gomock.Eq("john"), gomock.Eq("password")).
@ -532,7 +532,7 @@ func (s *LegacyAuthzSuite) TestShouldHandleLegacyBasicAuthFailures() {
 		{
 			"NoAccess", // TestShouldVerifyAuthBasicArgFailingWrongPassword.
 			func(mock *mocks.MockAutheliaCtx) {
-				mock.Ctx.Request.Header.Set("Authorization", "Basic am9objpwYXNzd29yZA==")
+				mock.Ctx.Request.Header.Set(fasthttp.HeaderAuthorization, "Basic am9objpwYXNzd29yZA==")
 				mock.Ctx.Request.Header.Set("X-Original-URL", "https://admin.example.com/")
 				gomock.InOrder(
--- a/internal/handlers/handler_configuration_password_policy_test.go
+++ b/internal/handlers/handler_configuration_password_policy_test.go
@ -8,6 +8,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"github.com/stretchr/testify/suite"
 	"github.com/valyala/fasthttp"
 	"github.com/authelia/authelia/v4/internal/mocks"
 )
@ -41,7 +42,7 @@ func (s *PasswordPolicySuite) TestShouldBeDisabled() {
 	err := json.Unmarshal(s.mock.Ctx.Response.Body(), response)
 	require.NoError(s.T(), err)
-	assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
+	assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode())
 	assert.Equal(s.T(), "disabled", response.Data.Mode)
 }
@ -57,7 +58,7 @@ func (s *PasswordPolicySuite) TestShouldBeStandard() {
 	err := json.Unmarshal(s.mock.Ctx.Response.Body(), response)
 	require.NoError(s.T(), err)
-	assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
+	assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode())
 	assert.Equal(s.T(), "standard", response.Data.Mode)
 	assert.Equal(s.T(), 4, response.Data.MinLength)
 	assert.Equal(s.T(), 8, response.Data.MaxLength)
@ -73,7 +74,7 @@ func (s *PasswordPolicySuite) TestShouldBeZXCVBN() {
 	err := json.Unmarshal(s.mock.Ctx.Response.Body(), response)
 	require.NoError(s.T(), err)
-	assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
+	assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode())
 	assert.Equal(s.T(), "zxcvbn", response.Data.Mode)
 }
--- a/internal/handlers/handler_firstfactor_test.go
+++ b/internal/handlers/handler_firstfactor_test.go
@ -7,6 +7,7 @@ import (
 	"github.com/golang/mock/gomock"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/suite"
 	"github.com/valyala/fasthttp"
 	"github.com/authelia/authelia/v4/internal/authentication"
 	"github.com/authelia/authelia/v4/internal/authorization"
@ -206,7 +207,7 @@ func (s *FirstFactorSuite) TestShouldAuthenticateUserWithRememberMeChecked() {
 	FirstFactorPOST(nil)(s.mock.Ctx)
 	// Respond with 200.
-	assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
+	assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode())
 	assert.Equal(s.T(), []byte("{\"status\":\"OK\"}"), s.mock.Ctx.Response.Body())
 	userSession, err := s.mock.Ctx.GetSession()
@ -248,7 +249,7 @@ func (s *FirstFactorSuite) TestShouldAuthenticateUserWithRememberMeUnchecked() {
 	FirstFactorPOST(nil)(s.mock.Ctx)
 	// Respond with 200.
-	assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
+	assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode())
 	assert.Equal(s.T(), []byte("{\"status\":\"OK\"}"), s.mock.Ctx.Response.Body())
 	userSession, err := s.mock.Ctx.GetSession()
@ -293,7 +294,7 @@ func (s *FirstFactorSuite) TestShouldSaveUsernameFromAuthenticationBackendInSess
 	FirstFactorPOST(nil)(s.mock.Ctx)
 	// Respond with 200.
-	assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
+	assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode())
 	assert.Equal(s.T(), []byte("{\"status\":\"OK\"}"), s.mock.Ctx.Response.Body())
 	userSession, err := s.mock.Ctx.GetSession()
--- a/internal/handlers/handler_health_test.go
+++ b/internal/handlers/handler_health_test.go
@ -4,6 +4,7 @@ import (
 	"testing"
 	"github.com/stretchr/testify/assert"
 	"github.com/valyala/fasthttp"
 	"github.com/authelia/authelia/v4/internal/authentication"
 	"github.com/authelia/authelia/v4/internal/mocks"
@ -21,6 +22,6 @@ func TestHealthOk(t *testing.T) {
 	HealthGET(mock.Ctx)
-	assert.Equal(t, 200, mock.Ctx.Response.StatusCode())
+	assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode())
 	assert.Equal(t, okMessageBytes, mock.Ctx.Response.Body())
 }
--- a/internal/handlers/handler_register_duo_device_test.go
+++ b/internal/handlers/handler_register_duo_device_test.go
@ -9,6 +9,7 @@ import (
 	"github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/suite"
 	"github.com/valyala/fasthttp"
 	"github.com/authelia/authelia/v4/internal/duo"
 	"github.com/authelia/authelia/v4/internal/mocks"
@ -136,7 +137,7 @@ func (s *RegisterDuoDeviceSuite) TestShouldRespondOK() {
 	DuoDevicePOST(s.mock.Ctx)
-	assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
+	assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode())
 }
 func (s *RegisterDuoDeviceSuite) TestShouldRespondKOOnInvalidMethod() {
--- a/internal/handlers/handler_sign_duo_test.go
+++ b/internal/handlers/handler_sign_duo_test.go
@ -11,6 +11,7 @@ import (
 	"github.com/golang/mock/gomock"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/suite"
 	"github.com/valyala/fasthttp"
 	"github.com/authelia/authelia/v4/internal/configuration/schema"
 	"github.com/authelia/authelia/v4/internal/duo"
@ -122,7 +123,7 @@ func (s *SecondFactorDuoPostSuite) TestShouldAutoSelect() {
 	s.mock.Ctx.Request.SetBody(bodyBytes)
 	DuoPOST(duoMock)(s.mock.Ctx)
-	assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
+	assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode())
 }
 func (s *SecondFactorDuoPostSuite) TestShouldDenyAutoSelect() {
@ -328,7 +329,7 @@ func (s *SecondFactorDuoPostSuite) TestShouldUseInvalidMethodAndAutoSelect() {
 	s.mock.Ctx.Request.SetBody(bodyBytes)
 	DuoPOST(duoMock)(s.mock.Ctx)
-	assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
+	assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode())
 }
 func (s *SecondFactorDuoPostSuite) TestShouldCallDuoPreauthAPIAndAllowAccess() {
@ -352,7 +353,7 @@ func (s *SecondFactorDuoPostSuite) TestShouldCallDuoPreauthAPIAndAllowAccess() {
 	DuoPOST(duoMock)(s.mock.Ctx)
-	assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
+	assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode())
 }
 func (s *SecondFactorDuoPostSuite) TestShouldCallDuoPreauthAPIAndDenyAccess() {
@ -382,7 +383,7 @@ func (s *SecondFactorDuoPostSuite) TestShouldCallDuoPreauthAPIAndDenyAccess() {
 	DuoPOST(duoMock)(s.mock.Ctx)
-	assert.Equal(s.T(), 401, s.mock.Ctx.Response.StatusCode())
+	assert.Equal(s.T(), fasthttp.StatusUnauthorized, s.mock.Ctx.Response.StatusCode())
 }
 func (s *SecondFactorDuoPostSuite) TestShouldCallDuoPreauthAPIAndFail() {
@ -452,7 +453,7 @@ func (s *SecondFactorDuoPostSuite) TestShouldCallDuoAPIAndDenyAccess() {
 	DuoPOST(duoMock)(s.mock.Ctx)
-	assert.Equal(s.T(), 401, s.mock.Ctx.Response.StatusCode())
+	assert.Equal(s.T(), fasthttp.StatusUnauthorized, s.mock.Ctx.Response.StatusCode())
 }
 func (s *SecondFactorDuoPostSuite) TestShouldCallDuoAPIAndFail() {
--- a/internal/handlers/handler_state_test.go
+++ b/internal/handlers/handler_state_test.go
@ -7,6 +7,7 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"github.com/stretchr/testify/suite"
 	"github.com/valyala/fasthttp"
 	"github.com/authelia/authelia/v4/internal/authentication"
 	"github.com/authelia/authelia/v4/internal/mocks"
@ -52,7 +53,7 @@ func (s *StateGetSuite) TestShouldReturnUsernameFromSession() {
 	err = json.Unmarshal(s.mock.Ctx.Response.Body(), &actualBody)
 	require.NoError(s.T(), err)
-	assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
+	assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode())
 	assert.Equal(s.T(), []byte("application/json; charset=utf-8"), s.mock.Ctx.Response.Header.ContentType())
 	assert.Equal(s.T(), expectedBody, actualBody)
 }
@ -84,7 +85,7 @@ func (s *StateGetSuite) TestShouldReturnAuthenticationLevelFromSession() {
 	err = json.Unmarshal(s.mock.Ctx.Response.Body(), &actualBody)
 	require.NoError(s.T(), err)
-	assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
+	assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode())
 	assert.Equal(s.T(), []byte("application/json; charset=utf-8"), s.mock.Ctx.Response.Header.ContentType())
 	assert.Equal(s.T(), expectedBody, actualBody)
 }
--- a/internal/handlers/handler_user_info_test.go
+++ b/internal/handlers/handler_user_info_test.go
@ -10,6 +10,7 @@ import (
 	"github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/suite"
 	"github.com/valyala/fasthttp"
 	"github.com/authelia/authelia/v4/internal/configuration/schema"
 	"github.com/authelia/authelia/v4/internal/mocks"
@ -116,7 +117,7 @@ func TestUserInfoEndpoint_SetCorrectMethod(t *testing.T) {
 		if resp.err == nil {
 			t.Run("expected status code", func(t *testing.T) {
-				assert.Equal(t, 200, mock.Ctx.Response.StatusCode())
+				assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode())
 			})
 			actualPreferences := model.UserInfo{}
@ -140,7 +141,7 @@ func TestUserInfoEndpoint_SetCorrectMethod(t *testing.T) {
 			})
 		} else {
 			t.Run("expected status code", func(t *testing.T) {
-				assert.Equal(t, 200, mock.Ctx.Response.StatusCode())
+				assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode())
 			})
 			errResponse := mock.GetResponseError(t)
@ -310,7 +311,7 @@ func TestUserInfoEndpoint_SetDefaultMethod(t *testing.T) {
 			if resp.loadErr == nil && resp.saveErr == nil {
 				t.Run(fmt.Sprintf("%s/%s", resp.description, "expected status code"), func(t *testing.T) {
-					assert.Equal(t, 200, mock.Ctx.Response.StatusCode())
+					assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode())
 				})
 				actualPreferences := model.UserInfo{}
@ -334,7 +335,7 @@ func TestUserInfoEndpoint_SetDefaultMethod(t *testing.T) {
 				})
 			} else {
 				t.Run("expected status code", func(t *testing.T) {
-					assert.Equal(t, 200, mock.Ctx.Response.StatusCode())
+					assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode())
 				})
 				errResponse := mock.GetResponseError(t)
@ -440,7 +441,7 @@ func (s *SaveSuite) TestShouldReturn200WhenMethodIsSuccessfullySaved() {
 	MethodPreferencePOST(s.mock.Ctx)
-	assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
+	assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode())
 }
 func TestSaveSuite(t *testing.T) {
--- a/internal/handlers/webauthn_test.go
+++ b/internal/handlers/webauthn_test.go
@ -7,6 +7,7 @@ import (
 	"github.com/go-webauthn/webauthn/protocol"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
 	"github.com/valyala/fasthttp"
 	"github.com/authelia/authelia/v4/internal/mocks"
 	"github.com/authelia/authelia/v4/internal/model"
@ -146,7 +147,7 @@ func TestWebAuthnGetUserWithErr(t *testing.T) {
 func TestWebAuthnNewWebAuthnShouldReturnErrWhenHeadersNotAvailable(t *testing.T) {
 	ctx := mocks.NewMockAutheliaCtx(t)
-	ctx.Ctx.Request.Header.Del("X-Forwarded-Host")
+	ctx.Ctx.Request.Header.Del(fasthttp.HeaderXForwardedHost)
 	w, err := newWebAuthn(ctx.Ctx)
@ -157,9 +158,9 @@ func TestWebAuthnNewWebAuthnShouldReturnErrWhenHeadersNotAvailable(t *testing.T)
 func TestWebAuthnNewWebAuthnShouldReturnErrWhenWebAuthnNotConfigured(t *testing.T) {
 	ctx := mocks.NewMockAutheliaCtx(t)
-	ctx.Ctx.Request.Header.Set("X-Forwarded-Host", "example.com")
+	ctx.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedHost, "example.com")
 	ctx.Ctx.Request.Header.Set("X-Forwarded-URI", "/")
-	ctx.Ctx.Request.Header.Set("X-Forwarded-Proto", "https")
+	ctx.Ctx.Request.Header.Set(fasthttp.HeaderXForwardedProto, "https")
 	w, err := newWebAuthn(ctx.Ctx)
--- a/internal/middlewares/authelia_context_test.go
+++ b/internal/middlewares/authelia_context_test.go
@ -182,7 +182,7 @@ func TestShouldGetOriginalURLFromForwardedHeadersWithURI(t *testing.T) {
 func TestShouldFallbackToNonXForwardedHeaders(t *testing.T) {
 	mock := mocks.NewMockAutheliaCtx(t)
-	mock.Ctx.Request.Header.Del("X-Forwarded-Host")
+	mock.Ctx.Request.Header.Del(fasthttp.HeaderXForwardedHost)
 	defer mock.Close()
@ -198,19 +198,19 @@ func TestShouldOnlyFallbackToNonXForwardedHeadersWhenNil(t *testing.T) {
 	mock := mocks.NewMockAutheliaCtx(t)
 	defer mock.Close()
-	mock.Ctx.Request.Header.Del("X-Forwarded-Host")
+	mock.Ctx.Request.Header.Del(fasthttp.HeaderXForwardedHost)
 	mock.Ctx.RequestCtx.Request.SetRequestURI("/2fa/one-time-password")
 	mock.Ctx.RequestCtx.Request.SetHost("localhost")
 	mock.Ctx.RequestCtx.Request.Header.Set(fasthttp.HeaderXForwardedHost, "auth.example.com:1234")
 	mock.Ctx.RequestCtx.Request.Header.Set("X-Forwarded-URI", "/base/2fa/one-time-password")
 	mock.Ctx.RequestCtx.Request.Header.Set(fasthttp.HeaderXForwardedProto, "https")
-	mock.Ctx.RequestCtx.Request.Header.Set("X-Forwarded-Method", "GET")
+	mock.Ctx.RequestCtx.Request.Header.Set("X-Forwarded-Method", fasthttp.MethodGet)
 	assert.Equal(t, []byte("https"), mock.Ctx.XForwardedProto())
 	assert.Equal(t, []byte("auth.example.com:1234"), mock.Ctx.GetXForwardedHost())
 	assert.Equal(t, []byte("/base/2fa/one-time-password"), mock.Ctx.GetXForwardedURI())
-	assert.Equal(t, []byte("GET"), mock.Ctx.XForwardedMethod())
+	assert.Equal(t, []byte(fasthttp.MethodGet), mock.Ctx.XForwardedMethod())
 }
 func TestShouldDetectXHR(t *testing.T) {
--- a/internal/middlewares/cors_test.go
+++ b/internal/middlewares/cors_test.go
@ -56,13 +56,13 @@ func TestCORSPolicyBuilder_WithAllowedMethods(t *testing.T) {
 	assert.Nil(t, cors.methods)
-	cors.WithAllowedMethods("GET")
+	cors.WithAllowedMethods(fasthttp.MethodGet)
-	assert.Equal(t, []string{"GET"}, cors.methods)
+	assert.Equal(t, []string{fasthttp.MethodGet}, cors.methods)
-	cors.WithAllowedMethods("POST", "PATCH")
+	cors.WithAllowedMethods(fasthttp.MethodPost, fasthttp.MethodPatch)
-	assert.Equal(t, []string{"POST", "PATCH"}, cors.methods)
+	assert.Equal(t, []string{fasthttp.MethodPost, fasthttp.MethodPatch}, cors.methods)
 	cors.WithAllowedMethods()
@ -167,7 +167,7 @@ func TestCORSPolicyBuilder_HandleOPTIONS(t *testing.T) {
 	ctx.Request.Header.SetBytesK(headerAccessControlRequestHeaders, "X-Example-Header")
 	ctx.Request.Header.SetBytesKV(headerOrigin, origin)
-	cors.WithAllowedMethods("GET", "OPTIONS")
+	cors.WithAllowedMethods(fasthttp.MethodGet, fasthttp.MethodOptions)
 	policy = cors.Build()
 	policy.HandleOPTIONS(ctx)
@ -245,7 +245,7 @@ func TestCORSPolicyBuilder_HandleOPTIONS_WithoutOrigin(t *testing.T) {
 	ctx.Request.Header.SetBytesK(headerAccessControlRequestHeaders, "X-Example-Header")
-	cors.WithAllowedMethods("GET", "OPTIONS")
+	cors.WithAllowedMethods(fasthttp.MethodGet, fasthttp.MethodOptions)
 	policy = cors.Build()
 	policy.HandleOPTIONS(ctx)
@ -311,7 +311,7 @@ func TestCORSPolicyBuilder_HandleOPTIONSWithAllowedOrigins(t *testing.T) {
 	ctx.Request.Header.SetBytesKV(headerOrigin, origin)
 	cors.WithAllowedOrigins("*")
-	cors.WithAllowedMethods("GET", "OPTIONS")
+	cors.WithAllowedMethods(fasthttp.MethodGet, fasthttp.MethodOptions)
 	policy = cors.Build()
 	policy.HandleOPTIONS(ctx)
@ -383,7 +383,7 @@ func TestCORSPolicyBuilder_HandleOPTIONSWithVaryOnly(t *testing.T) {
 	ctx.Request.Header.SetBytesK(headerAccessControlRequestHeaders, "X-Example-Header")
 	ctx.Request.Header.SetBytesKV(headerOrigin, origin)
-	cors.WithAllowedMethods("GET", "OPTIONS")
+	cors.WithAllowedMethods(fasthttp.MethodGet, fasthttp.MethodOptions)
 	policy = cors.Build()
 	policy.HandleOPTIONS(ctx)
@ -429,7 +429,7 @@ func TestCORSPolicyBuilder_HandleOPTIONSWithAllowedHeaders(t *testing.T) {
 	ctx.Request.Header.SetBytesK(headerAccessControlRequestHeaders, "X-Example-Header")
 	ctx.Request.Header.SetBytesKV(headerOrigin, origin)
-	cors.WithAllowedMethods("GET", "OPTIONS")
+	cors.WithAllowedMethods(fasthttp.MethodGet, fasthttp.MethodOptions)
 	policy = cors.Build()
 	policy.HandleOPTIONS(ctx)
@ -516,7 +516,7 @@ func Test_CORSApplyAutomaticAllowAllPolicy_WithRequestMethod(t *testing.T) {
 	ctx.Request.Header.SetBytesKV(headerOrigin, origin)
 	ctx.Request.Header.SetBytesK(headerAccessControlRequestHeaders, "X-Example-Header")
-	ctx.Request.Header.SetBytesK(headerAccessControlRequestMethod, "GET")
+	ctx.Request.Header.SetBytesK(headerAccessControlRequestMethod, fasthttp.MethodGet)
 	cors := NewCORSPolicyBuilder()
@ -528,7 +528,7 @@ func Test_CORSApplyAutomaticAllowAllPolicy_WithRequestMethod(t *testing.T) {
 	assert.Equal(t, headerValueFalse, ctx.Response.Header.PeekBytes(headerAccessControlAllowCredentials))
 	assert.Equal(t, headerValueMaxAge, ctx.Response.Header.PeekBytes(headerAccessControlMaxAge))
 	assert.Equal(t, []byte("X-Example-Header"), ctx.Response.Header.PeekBytes(headerAccessControlAllowHeaders))
-	assert.Equal(t, []byte("GET"), ctx.Response.Header.PeekBytes(headerAccessControlAllowMethods))
+	assert.Equal(t, []byte(fasthttp.MethodGet), ctx.Response.Header.PeekBytes(headerAccessControlAllowMethods))
 }
 func Test_CORSApplyAutomaticAllowAllPolicy_ShouldNotModifyFotNonHTTPSRequests(t *testing.T) {
@ -538,7 +538,7 @@ func Test_CORSApplyAutomaticAllowAllPolicy_ShouldNotModifyFotNonHTTPSRequests(t
 	ctx.Request.Header.SetBytesKV(headerOrigin, origin)
 	ctx.Request.Header.SetBytesK(headerAccessControlRequestHeaders, "X-Example-Header")
-	ctx.Request.Header.SetBytesK(headerAccessControlRequestMethod, "GET")
+	ctx.Request.Header.SetBytesK(headerAccessControlRequestMethod, fasthttp.MethodGet)
 	cors := NewCORSPolicyBuilder().WithVary()
@ -560,11 +560,11 @@ func Test_CORSMiddleware_AsMiddleware(t *testing.T) {
 	ctx.Request.Header.SetBytesKV(headerOrigin, origin)
 	ctx.Request.Header.SetBytesK(headerAccessControlRequestHeaders, "X-Example-Header")
-	ctx.Request.Header.SetBytesK(headerAccessControlRequestMethod, "GET")
+	ctx.Request.Header.SetBytesK(headerAccessControlRequestMethod, fasthttp.MethodGet)
 	middleware := NewBridgeBuilder(schema.Configuration{}, Providers{}).Build()
-	cors := NewCORSPolicyBuilder().WithAllowedMethods("GET", "OPTIONS")
+	cors := NewCORSPolicyBuilder().WithAllowedMethods(fasthttp.MethodGet, fasthttp.MethodOptions)
 	policy := cors.Build()
--- a/internal/middlewares/identity_verification_test.go
+++ b/internal/middlewares/identity_verification_test.go
@ -48,7 +48,7 @@ func TestShouldFailStartingProcessIfUserHasNoEmailAddress(t *testing.T) {
 	middlewares.IdentityVerificationStart(newArgs(retriever), nil)(mock.Ctx)
-	assert.Equal(t, 200, mock.Ctx.Response.StatusCode())
+	assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode())
 	assert.Equal(t, "User does not have any email", mock.Hook.LastEntry().Message)
 }
@ -65,7 +65,7 @@ func TestShouldFailIfJWTCannotBeSaved(t *testing.T) {
 	args := newArgs(defaultRetriever)
 	middlewares.IdentityVerificationStart(args, nil)(mock.Ctx)
-	assert.Equal(t, 200, mock.Ctx.Response.StatusCode())
+	assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode())
 	assert.Equal(t, "cannot save", mock.Hook.LastEntry().Message)
 }
@ -88,7 +88,7 @@ func TestShouldFailSendingAnEmail(t *testing.T) {
 	args := newArgs(defaultRetriever)
 	middlewares.IdentityVerificationStart(args, nil)(mock.Ctx)
-	assert.Equal(t, 200, mock.Ctx.Response.StatusCode())
+	assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode())
 	assert.Equal(t, "no notif", mock.Hook.LastEntry().Message)
 }
@ -110,7 +110,7 @@ func TestShouldSucceedIdentityVerificationStartProcess(t *testing.T) {
 	args := newArgs(defaultRetriever)
 	middlewares.IdentityVerificationStart(args, nil)(mock.Ctx)
-	assert.Equal(t, 200, mock.Ctx.Response.StatusCode())
+	assert.Equal(t, fasthttp.StatusOK, mock.Ctx.Response.StatusCode())
 	defer mock.Close()
 }
@ -272,7 +272,7 @@ func (s *IdentityVerificationFinishProcess) TestShouldReturn200OnFinishComplete(
 	middlewares.IdentityVerificationFinish(newFinishArgs(), next)(s.mock.Ctx)
-	assert.Equal(s.T(), 200, s.mock.Ctx.Response.StatusCode())
+	assert.Equal(s.T(), fasthttp.StatusOK, s.mock.Ctx.Response.StatusCode())
 }
 func TestRunIdentityVerificationFinish(t *testing.T) {
--- a/internal/mocks/authelia_ctx.go
+++ b/internal/mocks/authelia_ctx.go
@ -219,7 +219,7 @@ func NewMockAutheliaCtx(t *testing.T) *MockAutheliaCtx {
 	// request.Request.Header.SetCookie("authelia_session", "client_cookie").
 	// Set X-Forwarded-Host for compatibility with multi-root-domain implementation.
-	request.Request.Header.Set("X-Forwarded-Host", "example.com")
+	request.Request.Header.Set(fasthttp.HeaderXForwardedHost, "example.com")
 	ctx := middlewares.NewAutheliaCtx(request, config, providers)
 	mockAuthelia.Ctx = ctx
@ -256,19 +256,19 @@ func (m *MockAutheliaCtx) SetRequestBody(t *testing.T, body interface{}) {
 // Assert401KO assert an error response from the service.
 func (m *MockAutheliaCtx) Assert401KO(t *testing.T, message string) {
-	assert.Equal(t, 401, m.Ctx.Response.StatusCode())
+	assert.Equal(t, fasthttp.StatusUnauthorized, m.Ctx.Response.StatusCode())
 	assert.Equal(t, fmt.Sprintf("{\"status\":\"KO\",\"message\":\"%s\"}", message), string(m.Ctx.Response.Body()))
 }
 // Assert200KO assert an error response from the service.
 func (m *MockAutheliaCtx) Assert200KO(t *testing.T, message string) {
-	assert.Equal(t, 200, m.Ctx.Response.StatusCode())
+	assert.Equal(t, fasthttp.StatusOK, m.Ctx.Response.StatusCode())
 	assert.Equal(t, fmt.Sprintf("{\"status\":\"KO\",\"message\":\"%s\"}", message), string(m.Ctx.Response.Body()))
 }
 // Assert200OK assert a successful response from the service.
 func (m *MockAutheliaCtx) Assert200OK(t *testing.T, data interface{}) {
-	assert.Equal(t, 200, m.Ctx.Response.StatusCode())
+	assert.Equal(t, fasthttp.StatusOK, m.Ctx.Response.StatusCode())
 	response := middlewares.OKResponse{
 		Status: "OK",
--- a/internal/server/server_test.go
+++ b/internal/server/server_test.go
@ -200,7 +200,7 @@ func TestShouldRaiseErrorWhenClientDoesNotSkipVerify(t *testing.T) {
 	defer tlsServerContext.Close()
-	req, err := http.NewRequest("GET", fmt.Sprintf("https://local.example.com:%d", tlsServerContext.Port()), nil)
+	req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("https://local.example.com:%d", tlsServerContext.Port()), nil)
 	require.NoError(t, err)
 	_, err = http.DefaultClient.Do(req)
@ -228,7 +228,7 @@ func TestShouldServeOverTLSWhenClientDoesSkipVerify(t *testing.T) {
 	defer tlsServerContext.Close()
-	req, err := http.NewRequest("GET", fmt.Sprintf("https://local.example.com:%d/api/notfound", tlsServerContext.Port()), nil)
+	req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("https://local.example.com:%d/api/notfound", tlsServerContext.Port()), nil)
 	require.NoError(t, err)
 	tr := &http.Transport{
@ -265,7 +265,7 @@ func TestShouldServeOverTLSWhenClientHasProperRootCA(t *testing.T) {
 	defer tlsServerContext.Close()
-	req, err := http.NewRequest("GET", fmt.Sprintf("https://local.example.com:%d/api/notfound", tlsServerContext.Port()), nil)
+	req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("https://local.example.com:%d/api/notfound", tlsServerContext.Port()), nil)
 	require.NoError(t, err)
 	block, _ := pem.Decode(certificateContext.Certificates[0].CertificatePEM)
@ -317,7 +317,7 @@ func TestShouldRaiseWhenMutualTLSIsConfiguredAndClientIsNotAuthenticated(t *test
 	defer tlsServerContext.Close()
-	req, err := http.NewRequest("GET", fmt.Sprintf("https://local.example.com:%d/api/notfound", tlsServerContext.Port()), nil)
+	req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("https://local.example.com:%d/api/notfound", tlsServerContext.Port()), nil)
 	require.NoError(t, err)
 	// Create a root CA for the client to properly validate server cert.
@ -360,7 +360,7 @@ func TestShouldServeProperlyWhenMutualTLSIsConfiguredAndClientIsAuthenticated(t
 	defer tlsServerContext.Close()
-	req, err := http.NewRequest("GET", fmt.Sprintf("https://local.example.com:%d/api/notfound", tlsServerContext.Port()), nil)
+	req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("https://local.example.com:%d/api/notfound", tlsServerContext.Port()), nil)
 	require.NoError(t, err)
 	// Create a root CA for the client to properly validate server cert.
--- a/internal/suites/action_http.go
+++ b/internal/suites/action_http.go
@ -6,14 +6,15 @@ import (
 	"testing"
 	"github.com/stretchr/testify/assert"
 	"github.com/valyala/fasthttp"
 )
 func doHTTPGetQuery(t *testing.T, url string) []byte {
 	client := NewHTTPClient()
-	req, err := http.NewRequest("GET", url, nil)
+	req, err := http.NewRequest(fasthttp.MethodGet, url, nil)
 	assert.NoError(t, err)
-	req.Header.Add("Accept", "application/json")
+	req.Header.Add(fasthttp.HeaderAccept, "application/json")
 	resp, err := client.Do(req)
 	assert.NoError(t, err)
--- a/internal/suites/duo.go
+++ b/internal/suites/duo.go
@ -8,6 +8,7 @@ import (
 	"testing"
 	"github.com/stretchr/testify/require"
 	"github.com/valyala/fasthttp"
 	"github.com/authelia/authelia/v4/internal/duo"
 )
@ -29,13 +30,13 @@ func ConfigureDuo(t *testing.T, allowDeny DuoPolicy) {
 		url = fmt.Sprintf("%s/deny", DuoBaseURL)
 	}
-	req, err := http.NewRequest("POST", url, nil)
+	req, err := http.NewRequest(fasthttp.MethodPost, url, nil)
 	require.NoError(t, err)
 	client := NewHTTPClient()
 	res, err := client.Do(req)
 	require.NoError(t, err)
-	require.Equal(t, 200, res.StatusCode)
+	require.Equal(t, fasthttp.StatusOK, res.StatusCode)
 }
 // ConfigureDuoPreAuth configure duo api to respond with available devices or enrollment Url.
@ -45,12 +46,12 @@ func ConfigureDuoPreAuth(t *testing.T, response duo.PreAuthResponse) {
 	body, err := json.Marshal(response)
 	require.NoError(t, err)
-	req, err := http.NewRequest("POST", url, bytes.NewReader(body))
+	req, err := http.NewRequest(fasthttp.MethodPost, url, bytes.NewReader(body))
 	req.Header.Set("Content-Type", "application/json")
 	require.NoError(t, err)
 	client := NewHTTPClient()
 	res, err := client.Do(req)
 	require.NoError(t, err)
-	require.Equal(t, 200, res.StatusCode)
+	require.Equal(t, fasthttp.StatusOK, res.StatusCode)
 }
--- a/internal/suites/scenario_backend_protection_test.go
+++ b/internal/suites/scenario_backend_protection_test.go
@ -48,32 +48,32 @@ func (s *BackendProtectionScenario) AssertRequestStatusCode(method, url string,
 }
 func (s *BackendProtectionScenario) TestProtectionOfBackendEndpoints() {
-	s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/totp", AutheliaBaseURL), 403)
+	s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/totp", AutheliaBaseURL), fasthttp.StatusForbidden)
-	s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/webauthn/assertion", AutheliaBaseURL), 403)
+	s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/webauthn/assertion", AutheliaBaseURL), fasthttp.StatusForbidden)
-	s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/webauthn/attestation", AutheliaBaseURL), 403)
+	s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/webauthn/attestation", AutheliaBaseURL), fasthttp.StatusForbidden)
-	s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/user/info/2fa_method", AutheliaBaseURL), 403)
+	s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/user/info/2fa_method", AutheliaBaseURL), fasthttp.StatusForbidden)
-	s.AssertRequestStatusCode(fasthttp.MethodGet, fmt.Sprintf("%s/api/user/info", AutheliaBaseURL), 403)
+	s.AssertRequestStatusCode(fasthttp.MethodGet, fmt.Sprintf("%s/api/user/info", AutheliaBaseURL), fasthttp.StatusForbidden)
-	s.AssertRequestStatusCode(fasthttp.MethodGet, fmt.Sprintf("%s/api/configuration", AutheliaBaseURL), 403)
+	s.AssertRequestStatusCode(fasthttp.MethodGet, fmt.Sprintf("%s/api/configuration", AutheliaBaseURL), fasthttp.StatusForbidden)
-	s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/totp/identity/start", AutheliaBaseURL), 403)
+	s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/totp/identity/start", AutheliaBaseURL), fasthttp.StatusForbidden)
-	s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/totp/identity/finish", AutheliaBaseURL), 403)
+	s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/totp/identity/finish", AutheliaBaseURL), fasthttp.StatusForbidden)
-	s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/webauthn/identity/start", AutheliaBaseURL), 403)
+	s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/webauthn/identity/start", AutheliaBaseURL), fasthttp.StatusForbidden)
-	s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/webauthn/identity/finish", AutheliaBaseURL), 403)
+	s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/secondfactor/webauthn/identity/finish", AutheliaBaseURL), fasthttp.StatusForbidden)
 }
 func (s *BackendProtectionScenario) TestInvalidEndpointsReturn404() {
-	s.AssertRequestStatusCode(fasthttp.MethodGet, fmt.Sprintf("%s/api/not_existing", AutheliaBaseURL), 404)
+	s.AssertRequestStatusCode(fasthttp.MethodGet, fmt.Sprintf("%s/api/not_existing", AutheliaBaseURL), fasthttp.StatusNotFound)
-	s.AssertRequestStatusCode(fasthttp.MethodHead, fmt.Sprintf("%s/api/not_existing", AutheliaBaseURL), 404)
+	s.AssertRequestStatusCode(fasthttp.MethodHead, fmt.Sprintf("%s/api/not_existing", AutheliaBaseURL), fasthttp.StatusNotFound)
-	s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/not_existing", AutheliaBaseURL), 404)
+	s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/not_existing", AutheliaBaseURL), fasthttp.StatusNotFound)
-	s.AssertRequestStatusCode(fasthttp.MethodGet, fmt.Sprintf("%s/api/not_existing/second", AutheliaBaseURL), 404)
+	s.AssertRequestStatusCode(fasthttp.MethodGet, fmt.Sprintf("%s/api/not_existing/second", AutheliaBaseURL), fasthttp.StatusNotFound)
-	s.AssertRequestStatusCode(fasthttp.MethodHead, fmt.Sprintf("%s/api/not_existing/second", AutheliaBaseURL), 404)
+	s.AssertRequestStatusCode(fasthttp.MethodHead, fmt.Sprintf("%s/api/not_existing/second", AutheliaBaseURL), fasthttp.StatusNotFound)
-	s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/not_existing/second", AutheliaBaseURL), 404)
+	s.AssertRequestStatusCode(fasthttp.MethodPost, fmt.Sprintf("%s/api/not_existing/second", AutheliaBaseURL), fasthttp.StatusNotFound)
 }
 func (s *BackendProtectionScenario) TestInvalidEndpointsReturn405() {
-	s.AssertRequestStatusCode("PUT", fmt.Sprintf("%s/api/configuration", AutheliaBaseURL), 405)
+	s.AssertRequestStatusCode(fasthttp.MethodPut, fmt.Sprintf("%s/api/configuration", AutheliaBaseURL), fasthttp.StatusMethodNotAllowed)
 }
 func TestRunBackendProtection(t *testing.T) {
--- a/internal/suites/suite_high_availability_test.go
+++ b/internal/suites/suite_high_availability_test.go
@ -10,6 +10,7 @@ import (
 	log "github.com/sirupsen/logrus"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/suite"
 	"github.com/valyala/fasthttp"
 )
 type HighAvailabilityWebDriverSuite struct {
@ -282,7 +283,7 @@ func NewHighAvailabilitySuite() *HighAvailabilitySuite {
 func DoGetWithAuth(t *testing.T, username, password string) int {
 	client := NewHTTPClient()
-	req, err := http.NewRequest("GET", fmt.Sprintf("%s/secret.html", SingleFactorBaseURL), nil)
+	req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("%s/secret.html", SingleFactorBaseURL), nil)
 	assert.NoError(t, err)
 	req.SetBasicAuth(username, password)
@ -293,9 +294,9 @@ func DoGetWithAuth(t *testing.T, username, password string) int {
 }
 func (s *HighAvailabilitySuite) TestBasicAuth() {
-	s.Assert().Equal(DoGetWithAuth(s.T(), "john", "password"), 200)
+	s.Assert().Equal(fasthttp.StatusOK, DoGetWithAuth(s.T(), "john", "password"))
-	s.Assert().Equal(DoGetWithAuth(s.T(), "john", "bad-password"), 302)
+	s.Assert().Equal(fasthttp.StatusFound, DoGetWithAuth(s.T(), "john", "bad-password"))
-	s.Assert().Equal(DoGetWithAuth(s.T(), "dontexist", "password"), 302)
+	s.Assert().Equal(fasthttp.StatusFound, DoGetWithAuth(s.T(), "dontexist", "password"))
 }
 func (s *HighAvailabilitySuite) Test1FAScenario() {
--- a/internal/suites/suite_standalone_test.go
+++ b/internal/suites/suite_standalone_test.go
@ -12,6 +12,7 @@ import (
 	"github.com/stretchr/testify/require"
 	"github.com/stretchr/testify/suite"
 	"github.com/valyala/fasthttp"
 	"github.com/authelia/authelia/v4/internal/storage"
 	"github.com/authelia/authelia/v4/internal/utils"
@ -185,55 +186,55 @@ func NewStandaloneSuite() *StandaloneSuite {
 }
 func (s *StandaloneSuite) TestShouldRespectMethodsACL() {
-	req, err := http.NewRequest("GET", fmt.Sprintf("%s/api/verify?rd=%s", AutheliaBaseURL, GetLoginBaseURL(BaseDomain)), nil)
+	req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("%s/api/verify?rd=%s", AutheliaBaseURL, GetLoginBaseURL(BaseDomain)), nil)
 	s.Assert().NoError(err)
-	req.Header.Set("X-Forwarded-Method", "GET")
+	req.Header.Set("X-Forwarded-Method", fasthttp.MethodGet)
-	req.Header.Set("X-Forwarded-Proto", "https")
+	req.Header.Set(fasthttp.HeaderXForwardedProto, "https")
-	req.Header.Set("X-Forwarded-Host", fmt.Sprintf("secure.%s", BaseDomain))
+	req.Header.Set(fasthttp.HeaderXForwardedHost, fmt.Sprintf("secure.%s", BaseDomain))
 	req.Header.Set("X-Forwarded-URI", "/")
-	req.Header.Set("Accept", "text/html; charset=utf8")
+	req.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf8")
 	client := NewHTTPClient()
 	res, err := client.Do(req)
 	s.Assert().NoError(err)
-	s.Assert().Equal(res.StatusCode, 302)
+	s.Assert().Equal(fasthttp.StatusFound, res.StatusCode)
 	body, err := io.ReadAll(res.Body)
 	s.Assert().NoError(err)
 	urlEncodedAdminURL := url.QueryEscape(SecureBaseURL + "/")
 	s.Assert().Equal(fmt.Sprintf("<a href=\"%s\">302 Found</a>", utils.StringHTMLEscape(fmt.Sprintf("%s/?rd=%s&rm=GET", GetLoginBaseURL(BaseDomain), urlEncodedAdminURL))), string(body))
-	req.Header.Set("X-Forwarded-Method", "OPTIONS")
+	req.Header.Set("X-Forwarded-Method", fasthttp.MethodOptions)
 	res, err = client.Do(req)
 	s.Assert().NoError(err)
-	s.Assert().Equal(res.StatusCode, 200)
+	s.Assert().Equal(fasthttp.StatusOK, res.StatusCode)
 }
 func (s *StandaloneSuite) TestShouldRespondWithCorrectStatusCode() {
-	req, err := http.NewRequest("GET", fmt.Sprintf("%s/api/verify?rd=%s", AutheliaBaseURL, GetLoginBaseURL(BaseDomain)), nil)
+	req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("%s/api/verify?rd=%s", AutheliaBaseURL, GetLoginBaseURL(BaseDomain)), nil)
 	s.Assert().NoError(err)
-	req.Header.Set("X-Forwarded-Method", "GET")
+	req.Header.Set("X-Forwarded-Method", fasthttp.MethodGet)
-	req.Header.Set("X-Forwarded-Proto", "https")
+	req.Header.Set(fasthttp.HeaderXForwardedProto, "https")
-	req.Header.Set("X-Forwarded-Host", fmt.Sprintf("secure.%s", BaseDomain))
+	req.Header.Set(fasthttp.HeaderXForwardedHost, fmt.Sprintf("secure.%s", BaseDomain))
 	req.Header.Set("X-Forwarded-URI", "/")
-	req.Header.Set("Accept", "text/html; charset=utf8")
+	req.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf8")
 	client := NewHTTPClient()
 	res, err := client.Do(req)
 	s.Assert().NoError(err)
-	s.Assert().Equal(res.StatusCode, 302)
+	s.Assert().Equal(fasthttp.StatusFound, res.StatusCode)
 	body, err := io.ReadAll(res.Body)
 	s.Assert().NoError(err)
 	urlEncodedAdminURL := url.QueryEscape(SecureBaseURL + "/")
 	s.Assert().Equal(fmt.Sprintf("<a href=\"%s\">302 Found</a>", utils.StringHTMLEscape(fmt.Sprintf("%s/?rd=%s&rm=GET", GetLoginBaseURL(BaseDomain), urlEncodedAdminURL))), string(body))
-	req.Header.Set("X-Forwarded-Method", "POST")
+	req.Header.Set("X-Forwarded-Method", fasthttp.MethodPost)
 	res, err = client.Do(req)
 	s.Assert().NoError(err)
-	s.Assert().Equal(res.StatusCode, 303)
+	s.Assert().Equal(fasthttp.StatusSeeOther, res.StatusCode)
 	body, err = io.ReadAll(res.Body)
 	s.Assert().NoError(err)
@ -243,16 +244,16 @@ func (s *StandaloneSuite) TestShouldRespondWithCorrectStatusCode() {
 // Standard case using nginx.
 func (s *StandaloneSuite) TestShouldVerifyAPIVerifyUnauthorized() {
-	req, err := http.NewRequest("GET", fmt.Sprintf("%s/api/verify", AutheliaBaseURL), nil)
+	req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("%s/api/verify", AutheliaBaseURL), nil)
 	s.Assert().NoError(err)
-	req.Header.Set("X-Forwarded-Proto", "https")
+	req.Header.Set(fasthttp.HeaderXForwardedProto, "https")
 	req.Header.Set("X-Original-URL", AdminBaseURL)
-	req.Header.Set("Accept", "text/html; charset=utf8")
+	req.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf8")
 	client := NewHTTPClient()
 	res, err := client.Do(req)
 	s.Assert().NoError(err)
-	s.Assert().Equal(res.StatusCode, 401)
+	s.Assert().Equal(fasthttp.StatusUnauthorized, res.StatusCode)
 	body, err := io.ReadAll(res.Body)
 	s.Assert().NoError(err)
 	s.Assert().Equal("401 Unauthorized", string(body))
@ -260,16 +261,16 @@ func (s *StandaloneSuite) TestShouldVerifyAPIVerifyUnauthorized() {
 // Standard case using Kubernetes.
 func (s *StandaloneSuite) TestShouldVerifyAPIVerifyRedirectFromXOriginalURL() {
-	req, err := http.NewRequest("GET", fmt.Sprintf("%s/api/verify?rd=%s", AutheliaBaseURL, GetLoginBaseURL(BaseDomain)), nil)
+	req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("%s/api/verify?rd=%s", AutheliaBaseURL, GetLoginBaseURL(BaseDomain)), nil)
 	s.Assert().NoError(err)
-	req.Header.Set("X-Forwarded-Proto", "https")
+	req.Header.Set(fasthttp.HeaderXForwardedProto, "https")
 	req.Header.Set("X-Original-URL", AdminBaseURL)
-	req.Header.Set("Accept", "text/html; charset=utf8")
+	req.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf8")
 	client := NewHTTPClient()
 	res, err := client.Do(req)
 	s.Assert().NoError(err)
-	s.Assert().Equal(res.StatusCode, 302)
+	s.Assert().Equal(fasthttp.StatusFound, res.StatusCode)
 	body, err := io.ReadAll(res.Body)
 	s.Assert().NoError(err)
@ -278,17 +279,17 @@ func (s *StandaloneSuite) TestShouldVerifyAPIVerifyRedirectFromXOriginalURL() {
 }
 func (s *StandaloneSuite) TestShouldVerifyAPIVerifyRedirectFromXOriginalHostURI() {
-	req, err := http.NewRequest("GET", fmt.Sprintf("%s/api/verify?rd=%s", AutheliaBaseURL, GetLoginBaseURL(BaseDomain)), nil)
+	req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("%s/api/verify?rd=%s", AutheliaBaseURL, GetLoginBaseURL(BaseDomain)), nil)
 	s.Assert().NoError(err)
-	req.Header.Set("X-Forwarded-Proto", "https")
+	req.Header.Set(fasthttp.HeaderXForwardedProto, "https")
-	req.Header.Set("X-Forwarded-Host", "secure.example.com:8080")
+	req.Header.Set(fasthttp.HeaderXForwardedHost, "secure.example.com:8080")
 	req.Header.Set("X-Forwarded-URI", "/")
-	req.Header.Set("Accept", "text/html; charset=utf8")
+	req.Header.Set(fasthttp.HeaderAccept, "text/html; charset=utf8")
 	client := NewHTTPClient()
 	res, err := client.Do(req)
 	s.Assert().NoError(err)
-	s.Assert().Equal(res.StatusCode, 302)
+	s.Assert().Equal(fasthttp.StatusFound, res.StatusCode)
 	body, err := io.ReadAll(res.Body)
 	s.Assert().NoError(err)
@ -299,19 +300,19 @@ func (s *StandaloneSuite) TestShouldVerifyAPIVerifyRedirectFromXOriginalHostURI(
 func (s *StandaloneSuite) TestShouldRecordMetrics() {
 	client := NewHTTPClient()
-	req, err := http.NewRequest("GET", fmt.Sprintf("%s/api/health", LoginBaseURL), nil)
+	req, err := http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("%s/api/health", LoginBaseURL), nil)
 	s.Require().NoError(err)
 	res, err := client.Do(req)
 	s.Require().NoError(err)
-	s.Assert().Equal(res.StatusCode, 200)
+	s.Assert().Equal(fasthttp.StatusOK, fasthttp.StatusOK, res.StatusCode)
-	req, err = http.NewRequest("GET", fmt.Sprintf("%s/metrics", LoginBaseURL), nil)
+	req, err = http.NewRequest(fasthttp.MethodGet, fmt.Sprintf("%s/metrics", LoginBaseURL), nil)
 	s.Require().NoError(err)
 	res, err = client.Do(req)
 	s.Require().NoError(err)
-	s.Assert().Equal(res.StatusCode, 200)
+	s.Assert().Equal(fasthttp.StatusOK, res.StatusCode)
 	body, err := io.ReadAll(res.Body)
 	s.Require().NoError(err)
--- a/internal/suites/utils.go
+++ b/internal/suites/utils.go
@ -17,6 +17,7 @@ import (
 	"github.com/go-rod/rod"
 	"github.com/google/uuid"
 	log "github.com/sirupsen/logrus"
 	"github.com/valyala/fasthttp"
 )
 var browserPaths = []string{"/usr/bin/chromium-browser", "/usr/bin/chromium"}
@ -264,8 +265,8 @@ func getDomainEnvInfo(domain string) (info map[string]string, err error) {
 		return info, err
 	}
-	req.Header.Set("X-Forwarded-Proto", "https")
+	req.Header.Set(fasthttp.HeaderXForwardedProto, "https")
-	req.Header.Set("X-Forwarded-Host", domain)
+	req.Header.Set(fasthttp.HeaderXForwardedHost, domain)
 	if resp, err = client.Do(req); err != nil {
 		return info, err