[ https://issues.apache.org/jira/browse/GERONIMO-3839?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sangjin Lee updated GERONIMO-3839:
----------------------------------

    Priority: Major  (was: Minor)
     Summary: caller supplied content is ignored, and some request headers may 
be added twice  (was: some request headers may be added twice)

Updated the title and severity to accurately reflect the nature.

We found an even more glaring issue.  Any caller-supplied request body is 
ignored by HttpRequestEncoder.  It makes an assumption that all post requests 
are form posts.

> caller supplied content is ignored, and some request headers may be added 
> twice
> -------------------------------------------------------------------------------
>
>                 Key: GERONIMO-3839
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3839
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: AsyncHttpClient
>    Affects Versions: 1.x
>            Reporter: Sangjin Lee
>            Assignee: Rick McGuire
>         Attachments: GERONIMO-3839.patch
>
>
> Some request headers get special treatment by HttpRequestEncoder.  
> HttpRequestEncoder does not make any effort in checking to see if they are 
> present in the headers already.  As a result, they may be added twice if one 
> is not careful.  For example,
> - Content-Type & Content-Length are added by HttpRequestEncoder for POST 
> requests, and should not be added by callers.
> - Host & User-Agent are always added by HttpRequestEncoder, and should not be 
> added by callers as ordinary headers.
> Although one could argue that callers should not add these headers by hand, I 
> think HttpRequestEncoder still should ensure that they are not added twice.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
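
An added example, not part of the original message or the attached GERONIMO-3839.patch: one way an encoder can avoid both problems described in the report, by merging caller headers case-insensitively with the encoder-managed ones and sending the caller's body as-is. The class name, method signature, default values and sample input are all hypothetical and do not reflect the real HttpRequestEncoder API.

```java
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.TreeMap;

// Hypothetical stand-alone sketch; not the AsyncHttpClient HttpRequestEncoder.
public class DedupHeaderEncoder {

    // Builds the request head. Header names are compared case-insensitively,
    // so a caller's "content-type" and an encoder default "Content-Type"
    // occupy one slot instead of being written twice.
    static String encodeHead(String method, String path, String host,
                             Map<String, String> callerHeaders, byte[] body) {
        Map<String, String> headers = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        headers.putAll(callerHeaders);

        // Encoder-managed defaults: filled in only when the caller left them out.
        headers.putIfAbsent("Host", host);
        headers.putIfAbsent("User-Agent", "example-client/0.1"); // constructed value

        if (body != null) {
            // Caller-supplied content is kept; a POST is not assumed to be a form post.
            headers.putIfAbsent("Content-Type", "application/octet-stream");
            // Content-Length always reflects the bytes actually sent, replacing
            // a stale caller value rather than adding a second header.
            headers.put("Content-Length", Integer.toString(body.length));
        }

        StringBuilder sb = new StringBuilder();
        sb.append(method).append(' ').append(path).append(" HTTP/1.1\r\n");
        for (Map.Entry<String, String> h : headers.entrySet()) {
            sb.append(h.getKey()).append(": ").append(h.getValue()).append("\r\n");
        }
        return sb.append("\r\n").toString();
    }

    public static void main(String[] args) {
        byte[] body = "{\"k\":1}".getBytes(StandardCharsets.UTF_8);
        Map<String, String> caller = Map.of(   // constructed caller input
                "content-type", "application/json",
                "Content-Length", "999",
                "host", "api.example.test");
        System.out.print(encodeHead("POST", "/items", "api.example.test", caller, body));
    }
}
```

Each of Host, User-Agent, Content-Type and Content-Length appears exactly once in the output, and the Content-Length written is the actual body size rather than the caller's value.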