Commit
pool: drop Authorization HTTP header on redirected
Motivation:

It is fairly commonly established that an HTTP client should drop any Authorization HTTP request header(s) when following a redirection; that is, the subsequent HTTP request after the initial request returned a 30x status code should not contain an Authorization header.

Currently dCache HTTP-TPC code keeps the Authorization header in subsequent requests.

In addition to going against best practice, this results in failed transfers for Dynafed for token-based HTTP-TPC because the underlying library handles the redirected request (with both an Authorization header and the auth token embedded in the URL) as an attempt to use the Authorization header (containing the auth token), which the target server does not understand.

Modification:

(Note: redirection of GET, HEAD and DELETE requests is handled by the Apache HttpClient library, while redirection for PUT is handled by our own code.)

Refactor how HttpClient is created; and, in particular, how the TLS/HTTPS client is created. This is to make the code DRY.

Update HttpClient builder to inject custom RedirectionStrategy that drops the Authorization header on redirection.

Update code that adds HTTP request headers to be aware whether or not the request is a redirection. If it is a redirection, then the Authorization header is dropped.

Result:

When making an HTTP third-party copy (HTTP-TPC), dCache no longer sends the "Authorization" HTTP request header in any subsequent request when the remote server responds with a redirection.

Target: master
Request: 6.1
Request: 6.0
Request: 5.2
Closes: #5386
Patch: https://rb.dcache.org/r/12335/
Acked-by: Tigran Mkrtchyan
1 parent eb1a180, commit d4d4e26

Showing 2 changed files with 84 additions and 22 deletions.
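The behaviour the commit message describes for PUT (redirects followed by the client's own code, with Authorization sent only on the first request) can be sketched as follows. This is an added example, not dCache code: it uses the JDK's `java.net.http` client rather than Apache HttpClient, and the class name, the `put` and `serve` helpers, the two local servers, the token value and the `authz` query parameter are all constructed for illustration.

```java
import com.sun.net.httpserver.HttpServer;
import java.net.InetSocketAddress;
import java.net.URI;
import java.net.http.*;
import java.util.*;

public class PutRedirectDemo {
    // Hypothetical helper: follows PUT redirects itself and sends Authorization
    // only on the initial request, never on a request that results from a redirect.
    static int put(HttpClient client, URI uri, Map<String, String> headers, String body) throws Exception {
        boolean redirected = false;
        for (int hop = 0; hop < 5; hop++) { // bound the redirect chain
            HttpRequest.Builder req = HttpRequest.newBuilder(uri).PUT(HttpRequest.BodyPublishers.ofString(body));
            for (Map.Entry<String, String> h : headers.entrySet()) {
                if (redirected && h.getKey().equalsIgnoreCase("Authorization")) continue;
                req.header(h.getKey(), h.getValue());
            }
            HttpResponse<Void> rsp = client.send(req.build(), HttpResponse.BodyHandlers.discarding());
            int sc = rsp.statusCode();
            if (sc != 301 && sc != 302 && sc != 307 && sc != 308) return sc;
            uri = uri.resolve(rsp.headers().firstValue("Location").orElseThrow());
            redirected = true;
        }
        throw new IllegalStateException("too many redirects");
    }
    // Constructed local server: records the Authorization value it received, then
    // redirects to `location` (307) or, when location is null, answers 201.
    static HttpServer serve(String location, List<String> seen) throws Exception {
        HttpServer s = HttpServer.create(new InetSocketAddress("127.0.0.1", 0), 0);
        s.createContext("/", ex -> {
            ex.getRequestBody().readAllBytes();
            seen.add(String.valueOf(ex.getRequestHeaders().getFirst("Authorization")));
            if (location != null) ex.getResponseHeaders().add("Location", location);
            ex.sendResponseHeaders(location != null ? 307 : 201, -1);
            ex.close();
        });
        s.start();
        return s;
    }
    public static void main(String[] args) throws Exception {
        List<String> seen = Collections.synchronizedList(new ArrayList<>());
        HttpServer target = serve(null, seen);
        HttpServer front = serve("http://127.0.0.1:" + target.getAddress().getPort() + "/f?authz=TOKEN", seen);
        // The JDK client does not follow redirects unless asked to, so put() sees every 30x.
        HttpClient client = HttpClient.newBuilder().version(HttpClient.Version.HTTP_1_1).build();
        URI start = URI.create("http://127.0.0.1:" + front.getAddress().getPort() + "/f");
        int sc = put(client, start, Map.of("Authorization", "Bearer TOKEN"), "data");
        System.out.println(sc + " " + seen);
        front.stop(0); target.stop(0);
    }
}
```

The list printed by `main` holds the Authorization value each server received, in request order, which makes it usable as a regression check that the redirect target never sees the credential.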