Joshua Grisham created CAMEL-20624:
--------------------------------------
Summary: camel-http - OAuth2 support adds duplicate Authorization
header if one already exists on the Exchange
Key: CAMEL-20624
URL: https://issues.apache.org/jira/browse/CAMEL-20624
Project: Camel
Issue Type: Bug
Components: camel-http
Affects Versions: 4.4.1
Reporter: Joshua Grisham
If the Exchange already has a header with the name "Authorization" and the
OAuth2 feature of camel-http is used, the existing Authorization header is left
on the request to the target and a second header with the same name is added.
This very often results in a denied HTTP request (e.g. HTTP 400 Bad Request) as
well as conflicts with RFC 7230/7235 for example here: [RFC 7230: Hypertext
Transfer Protocol (HTTP/1.1): Message Syntax and Routing
(rfc-editor.org)|https://www.rfc-editor.org/rfc/rfc7230#section-3.2.2]
{panel:title=3.2.2. Field Order}
...
A sender MUST NOT generate multiple header fields with the same field name in a
message unless either the entire field value for that header field is defined
as a comma-separated list [i.e., #(values)] or the header field is a
well-known exception (as noted below).
...
{panel}
A proposed fix to this is to update the existing header if it already exists
instead of always adding a new header (e.g. `request.setHeader()` instead of
`request.addHeader()`).
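A wire-level check for the condition reported above, as an added example that is not part of the original report or of Camel's code: it parses a raw HTTP/1.1 request and reports header fields that repeat although they are not list-valued, which is the RFC 7230 section 3.2.2 rule quoted in the issue. The `LIST_VALUED` set, the `add_header`/`set_header` helpers (a simplified model of append versus replace, not the HTTP client's implementation), the host name and the token strings are all assumptions constructed for illustration.

```python
from collections import Counter

# Assumption: a small, non-exhaustive set of request fields whose values are
# defined as comma-separated lists and may therefore legally repeat.
LIST_VALUED = {"accept", "accept-encoding", "accept-language", "cache-control",
               "connection", "if-match", "if-none-match", "te", "via"}

# Constructed sample: headers already present on the Exchange.
EXCHANGE_FIELDS = [("Host", "api.example.test"),
                   ("Accept", "application/json"),
                   ("Accept", "text/plain"),
                   ("Authorization", "Bearer stale-token-from-exchange")]

def add_header(fields, name, value):
    """Append unconditionally (the behaviour the report describes)."""
    return fields + [(name, value)]

def set_header(fields, name, value):
    """Drop any field with the same case-insensitive name, then add one."""
    kept = [(n, v) for n, v in fields if n.lower() != name.lower()]
    return kept + [(name, value)]

def build_request(fields):
    """Serialize a constructed GET request with the given header fields."""
    lines = ["GET /orders HTTP/1.1"] + [f"{n}: {v}" for n, v in fields]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("iso-8859-1")

def parse_header_fields(raw: bytes) -> list[tuple[str, str]]:
    """Return (name, value) pairs from the header section of a raw request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    fields = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        # RFC 7230 allows no whitespace around the field name.
        if not sep or not name or name != name.strip():
            raise ValueError(f"malformed header line: {line!r}")
        fields.append((name, value.strip()))
    return fields

def repeated_singletons(raw: bytes) -> dict[str, int]:
    """Map each non-list field that occurs more than once to its count."""
    counts = Counter(name.lower() for name, _ in parse_header_fields(raw))
    return {n: c for n, c in counts.items() if c > 1 and n not in LIST_VALUED}

if __name__ == "__main__":
    token = "Bearer fresh-oauth2-token"          # constructed value
    for apply in (add_header, set_header):
        raw = build_request(apply(EXCHANGE_FIELDS, "Authorization", token))
        print(apply.__name__, repeated_singletons(raw))
```

Run against a captured outbound request in an integration test, a non-empty result for `authorization` means the request carries two credentials and the receiving server decides which one, if any, it honours.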