Since the migration to Apache HttpClient 5 (v17.x onwards, still present in
18.0.3), ApacheHttpRequestToSign#getPath() returns the decoded request
path while the request is sent over the wire with the encoded path. This
causes a canonical-string mismatch between client and server for every request
whose URI contains characters that get percent-encoded (spaces, /, +, %,
non-ASCII letters such as Æ/Ø/Å/é, …). The Digipost server rejects the
signature with HTTP 400, and because the rejected response is unsigned, the
client-side ResponseSignatureInterceptor additionally logs
Missing X-Digipost-Signature header.
In v16.4.1 (HttpClient 4) the same method used URI#getRawPath() and the bug
did not exist.
Since the migration to Apache HttpClient 5 (v17.x onwards, still present in
18.0.3),
ApacheHttpRequestToSign#getPath()returns the decoded requestpath while the request is sent over the wire with the encoded path. This
causes a canonical-string mismatch between client and server for every request
whose URI contains characters that get percent-encoded (spaces,
/,+,%,non-ASCII letters such as Æ/Ø/Å/é, …). The Digipost server rejects the
signature with HTTP 400, and because the rejected response is unsigned, the
client-side
ResponseSignatureInterceptoradditionally logsMissing X-Digipost-Signature header.In v16.4.1 (HttpClient 4) the same method used
URI#getRawPath()and the bugdid not exist.