Test to confirm that header names are not trimmed #5500

Open
swankjesse opened this issue Sep 26, 2019 · 3 comments
Labels: bug (Bug in existing code), tests (Fix relates to tests not code)

@swankjesse (Member)

This caused the Go folks some grief. It doesn’t impact us as much (clients control which servers they contact), but it’s good to be careful.

https://groups.google.com/forum/m/#!topic/golang-announce/cszieYyuL9Q

@swankjesse swankjesse added bug Bug in existing code tests Fix relates to tests not code and removed bug Bug in existing code labels Sep 26, 2019
@swankjesse swankjesse added this to the Backlog milestone Sep 26, 2019
@yschimke (Collaborator)

yschimke commented Apr 12, 2020

Seems awkward

https://github.com/1184893257/okhttp/blob/master/okhttp-tests/src/test/java/com/squareup/okhttp/internal/http/HeadersTest.java#L136

  @Test public void ofTrims() {
    Headers headers = Headers.of("\t User-Agent \n", " \r OkHttp ");
    assertEquals("User-Agent", headers.name(0));
    assertEquals("OkHttp", headers.value(0));
  }

https://github.com/1184893257/okhttp/blob/master/okhttp-tests/src/test/java/com/squareup/okhttp/internal/http/HeadersTest.java#L262

  @Test public void ofMapTrimsKey() {
    Headers headers = Headers.of(singletonMap(" User-Agent ", "OkHttp"));
    assertThat(headers.name(0)).isEqualTo("User-Agent");
  }

@yschimke (Collaborator)

@swankjesse Are you happy that we change the behaviour and tests here? Fix is simple if so, and we just publicise it in our release.

@yschimke yschimke added the bug Bug in existing code label May 15, 2020
@swankjesse (Member, Author)

Unclear what action we should take. Note that there’s another potential attack on response headers.

@swankjesse swankjesse modified the milestones: Backlog, 5.0 Jul 15, 2021
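
A strict alternative to the trimming behaviour in the tests quoted above, as an added example that is not part of the thread or of OkHttp's code: a header name is accepted only if it is an RFC 7230 token, and anything else is rejected rather than trimmed. The class and method names are hypothetical, and the sample names are constructed (the first two are the names used in the quoted tests).

```java
import java.util.List;

// Added example, not OkHttp code: reject header names that are not RFC 7230
// tokens instead of trimming them into something that looks valid.
public class StrictHeaderNames {
  // Non-alphanumeric characters allowed in an RFC 7230 token (tchar).
  private static final String TCHAR_SYMBOLS = "!#$%&'*+-.^_`|~";

  /** True only if name is a non-empty RFC 7230 token (no whitespace, no controls). */
  static boolean isValidName(String name) {
    if (name == null || name.isEmpty()) return false;
    for (int i = 0; i < name.length(); i++) {
      char c = name.charAt(i);
      boolean alnum = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
      if (!alnum && TCHAR_SYMBOLS.indexOf(c) == -1) return false;
    }
    return true;
  }

  /** Returns name unchanged, or throws with the name escaped so whitespace is visible. */
  static String checkName(String name) {
    if (!isValidName(name)) {
      throw new IllegalArgumentException("invalid header name: " + escape(name));
    }
    return name;
  }

  /** Quotes s and shows whitespace, controls and non-ASCII as \\uXXXX escapes. */
  private static String escape(String s) {
    StringBuilder sb = new StringBuilder("\"");
    for (char c : String.valueOf(s).toCharArray()) {
      if (c < 0x21 || c > 0x7e) sb.append(String.format("\\u%04x", (int) c));
      else sb.append(c);
    }
    return sb.append('"').toString();
  }

  public static void main(String[] args) {
    // Constructed inputs: only the third is a valid token.
    List<String> names = List.of("\t User-Agent \n", " User-Agent ", "User-Agent", "User-Agent ");
    for (String name : names) {
      try {
        System.out.println("accepted " + escape(checkName(name)));
      } catch (IllegalArgumentException e) {
        System.out.println("rejected: " + e.getMessage());
      }
    }
  }
}
```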