Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allows JdkClientHttpRequest.DISALLOWED_HEADERS to be customized. #30788

Closed
wants to merge 1 commit into from
Closed

Allows JdkClientHttpRequest.DISALLOWED_HEADERS to be customized. #30788

wants to merge 1 commit into from

Conversation

spencergibb
Copy link
Member

It does this by reading the System property jdk.httpclient.allowRestrictedHeaders and removing those set from the default list.

Fixes gh-30787

@spencergibb
Allows JdkClientHttpRequest.DISALLOWED_HEADERS to be customized.
43ec56c 
It does this by reading the System property `jdk.httpclient.allowRestrictedHeaders` and removing those set from the default list.

Fixes spring-projectsgh-30787
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label Jun 30, 2023
spencergibb
spencergibb commented Jun 30, 2023
View reviewed changes
spring-web/src/main/java/org/springframework/http/client/JdkClientHttpRequest.java
TreeSet<String> headers = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
headers.addAll(Set.of("connection", "content-length", "expect", "host", "upgrade"));

String headersToAllow = System.getProperty("jdk.httpclient.allowRestrictedHeaders");
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Maybe there is a setter somewhere and we set the property rather than trying to read it?

spencergibb
spencergibb commented Jun 30, 2023
View reviewed changes
spring-web/src/main/java/org/springframework/http/client/JdkClientHttpRequest.java
@@ -48,8 +51,19 @@ class JdkClientHttpRequest extends AbstractStreamingClientHttpRequest {
* The JDK HttpRequest doesn't allow all headers to be set. The named headers are taken from the default
* implementation for HttpRequest.
*/
private static final List<String> DISALLOWED_HEADERS =
List.of("connection", "content-length", "expect", "host", "upgrade");
protected static final Set<String> DISALLOWED_HEADERS = getDisallowedHeaders();
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

protected was changed to test without much setup.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

AbstractMockWebServerTests dispatch for /echo checks that Host is localhost:port, so unsure how to test otherwise.

@poutsma poutsma self-assigned this Jul 3, 2023
@poutsma poutsma added this to the 6.1.0-M2 milestone Jul 3, 2023
@poutsma poutsma added in: web Issues in web modules (web, webmvc, webflux, websocket) type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged or decided on labels Jul 3, 2023
@poutsma poutsma closed this in 46f1849 Jul 3, 2023
poutsma added a commit that referenced this pull request Jul 3, 2023
@poutsma
Merge pull request #30788 from spencergibb:customize-disallowed-headers
1393fac 
* gh-30788:
  Polishing external contribution
  Allow customization of disallowed JdkClientHttpRequest headers
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@poutsma poutsma

Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) type: enhancement A general enhancement
Projects
None yet
Milestone
6.1.0-M2
Development

Successfully merging this pull request may close these issues.

Allow JdkClientHttpRequest.DISALLOWED_HEADERS to be customized
3 participants
@spencergibb @poutsma @spring-projects-issues