abhishekagarwal87 commented on code in PR #17045:
URL: https://github.com/apache/druid/pull/17045#discussion_r1758208605
##########
processing/src/main/java/org/apache/druid/data/input/impl/HttpInputSource.java:
##########
@@ -100,13 +100,15 @@ public static void
throwIfInvalidProtocols(HttpInputSourceConfig config, List<UR
public static void throwIfForbiddenHeaders(HttpInputSourceConfig config,
Map<String, String> requestHeaders)
{
- if (config.getAllowedHeaders().size() > 0) {
- for (Map.Entry<String, String> entry : requestHeaders.entrySet()) {
- if
(!config.getAllowedHeaders().contains(StringUtils.toLowerCase(entry.getKey())))
{
- throw InvalidInput.exception("Got forbidden header %s, allowed
headers are only %s ",
- entry.getKey(),
config.getAllowedHeaders()
- );
- }
+ String message = null;
+ if (config.getAllowedHeaders().size() == 0 && requestHeaders.size() > 0) {
+ message = "You can set the property druid.ingestion.http.allowedHeaders
in middle managers or peons to whitelist request headers";
+ }
+ for (Map.Entry<String, String> entry : requestHeaders.entrySet()) {
+ if
(!config.getAllowedHeaders().contains(StringUtils.toLowerCase(entry.getKey())))
{
+ throw InvalidInput.exception("Got forbidden header %s, allowed headers
are only %s. %s",
Review Comment:
```suggestion
throw InvalidInput.exception("Got forbidden header [%s], allowed
headers are only [%s]. You can control the allowed headers by updating
druid.ingestion.http.allowedHeaders",
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
