[ https://issues.apache.org/jira/browse/CASSJAVA-55?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bret McGuire updated CASSJAVA-55:
---------------------------------
    Fix Version/s: 4.19.0
                   3.12.1

> Reconsider setting "localhost" in CloudConfigFactory
> ----------------------------------------------------
>
>                 Key: CASSJAVA-55
>                 URL: https://issues.apache.org/jira/browse/CASSJAVA-55
>             Project: Apache Cassandra Java driver
>          Issue Type: Bug
>          Components: Core
>            Reporter: Bret McGuire
>            Assignee: Bret McGuire
>            Priority: Normal
>             Fix For: 4.19.0, 3.12.1
>
>          Time Spent: 0.5h
>  Remaining Estimate: 0h
>
> Current code for DataStax cloud attempts to set the "host" request property 
> of the URLConnection that looks up metadata to "localhost" (see 
> [here|https://github.com/apache/cassandra-java-driver/blob/4.18.1/core/src/main/java/com/datastax/oss/driver/internal/core/config/cloud/CloudConfigFactory.java#L232]
>  for 4.x, 
> [here|https://github.com/apache/cassandra-java-driver/blob/3.11.5/driver-core/src/main/java/com/datastax/driver/core/CloudConfigFactory.java#L209]
>  for 3.x).  This is passively problematic as in the common case attempts to 
> set the Host header for URLConnection are ignored.  But in some situations 
> this can become actively problematic; the 
> "sun.net.http.allowRestrictedHeaders" and/or 
> "jdk.httpclient.allowRestrictedHeaders" actually _enable_ this operation to 
> succeed.  Upshot is that any downstream processing which relies on the Host 
> header is now receiving unexpected data.
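
An added check for the behaviour described in the issue (not code from the driver or from the issue itself): a constructed loopback server echoes back the Host header it receives from an HttpURLConnection that tries to set it to "localhost". The class name, the /metadata path and the loopback server are assumptions for illustration.

```java
import com.sun.net.httpserver.HttpServer;
import java.io.InputStream;
import java.net.HttpURLConnection;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.URI;
import java.nio.charset.StandardCharsets;

// Added example, not driver code. Run twice and compare the output:
//   java HostHeaderCheck.java
//   java -Dsun.net.http.allowRestrictedHeaders=true HostHeaderCheck.java
public class HostHeaderCheck {
    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the metadata service: replies with the Host header it saw.
        HttpServer server = HttpServer.create(
                new InetSocketAddress(InetAddress.getByName("127.0.0.1"), 0), 0);
        server.createContext("/", exchange -> {
            String host = String.valueOf(exchange.getRequestHeaders().getFirst("Host"));
            byte[] body = host.getBytes(StandardCharsets.UTF_8);
            exchange.sendResponseHeaders(200, body.length);
            exchange.getResponseBody().write(body);
            exchange.close();
        });
        server.start();
        try {
            // Authority the client connects to; the default Host header is derived from it.
            String expected = "127.0.0.1:" + server.getAddress().getPort();
            HttpURLConnection conn = (HttpURLConnection)
                    URI.create("http://" + expected + "/metadata").toURL().openConnection();
            // The operation the issue describes: ask URLConnection to send "Host: localhost".
            conn.setRequestProperty("Host", "localhost");
            String seen;
            try (InputStream in = conn.getInputStream()) {
                seen = new String(in.readAllBytes(), StandardCharsets.UTF_8);
            }
            System.out.println("sun.net.http.allowRestrictedHeaders = "
                    + System.getProperty("sun.net.http.allowRestrictedHeaders"));
            System.out.println("Host header received by server     = " + seen);
            System.out.println(seen.equals(expected)
                    ? "Override ignored: Host matches the URL authority."
                    : "Override applied: Host differs from the URL authority.");
        } finally {
            server.stop(0);
        }
    }
}
```

Pass the property on the command line rather than setting it in code, so that it is in place before the JDK's HTTP classes load.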


