[
https://issues.apache.org/jira/browse/CAMEL-20624?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17831678#comment-17831678
]
Joshua Grisham commented on CAMEL-20624:
----------------------------------------
(*)(*)(*)!
> camel-http - OAuth2 support adds duplicate Authorization header if one
> already exists on the Exchange
> -----------------------------------------------------------------------------------------------------
>
> Key: CAMEL-20624
> URL: https://issues.apache.org/jira/browse/CAMEL-20624
> Project: Camel
> Issue Type: Bug
> Components: camel-http
> Affects Versions: 4.4.1
> Reporter: Joshua Grisham
> Priority: Minor
> Fix For: 4.4.2, 4.6.0
>
>
> If the Exchange already has a header with the name "Authorization" and the
> OAuth2 feature of camel-http is used, the existing Authorization header is
> left on the request to the target and a second header with the same name is
> added.
> This very often results in a denied HTTP request (e.g. HTTP 400 Bad Request)
> as well as conflicts with RFC 7230/7235 for example here: [RFC 7230:
> Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing
> (rfc-editor.org)|https://www.rfc-editor.org/rfc/rfc7230#section-3.2.2]
> {panel:title=3.2.2. Field Order}
> ...
> A sender MUST NOT generate multiple header fields with the same field name in
> a message unless either the entire field value for that header field is
> defined as a comma-separated list [i.e., #(values)] or the header
> field is a well-known exception (as noted below).
> ...
> {panel}
>
> A proposed fix to this is to update the existing header if it already exists
> instead of always adding a new header (e.g. `request.setHeader()` instead of
> `request.addHeader()`)
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
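
The difference between the two calls named in the report, as an added example that is not part of the original message and is not Camel's own code. It assumes Apache HttpClient 5 on the classpath; the class name, helper names, target URL and credential values are constructed for illustration.

```java
import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.apache.hc.core5.http.Header;
import org.apache.hc.core5.http.HttpRequest;

public class AuthorizationHeaderDemo {

    // Constructed sample values, not taken from the issue.
    static final String INBOUND = "Basic constructed-inbound-credential";
    static final String TOKEN = "constructed-oauth2-token";

    // Outgoing request that already carries the Exchange's Authorization header.
    static HttpRequest requestWithInboundHeader() {
        HttpRequest request = new HttpGet("https://target.example/api");
        request.setHeader("Authorization", INBOUND);
        return request;
    }

    // Behaviour described in the report: the token is appended as a second field,
    // so the inbound credential is still sent to the target.
    static void applyTokenWithAdd(HttpRequest request) {
        request.addHeader("Authorization", "Bearer " + TOKEN);
    }

    // Proposed fix: replace whatever Authorization field is already present.
    static void applyTokenWithSet(HttpRequest request) {
        request.setHeader("Authorization", "Bearer " + TOKEN);
    }

    // Guard usable in a regression test: Authorization is not a comma-separated
    // list field, so RFC 7230 section 3.2.2 allows it at most once per message.
    static void requireSingleAuthorization(HttpRequest request) {
        int count = request.countHeaders("Authorization");
        if (count > 1) {
            throw new IllegalStateException(count + " Authorization header fields on request");
        }
    }

    public static void main(String[] args) {
        HttpRequest fixed = requestWithInboundHeader();
        applyTokenWithSet(fixed);
        requireSingleAuthorization(fixed);
        System.out.println("setHeader -> " + fixed.getFirstHeader("Authorization").getValue());

        HttpRequest duplicated = requestWithInboundHeader();
        applyTokenWithAdd(duplicated);
        for (Header h : duplicated.getHeaders("Authorization")) {
            System.out.println("addHeader -> " + h.getValue());
        }
        requireSingleAuthorization(duplicated); // the guard rejects this request
    }
}
```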