pgyori commented on a change in pull request #4603:
URL: https://github.com/apache/nifi/pull/4603#discussion_r507808251
##########
File path:
nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/servlets/ListenHTTPServlet.java
##########
@@ -120,17 +121,28 @@ public void init(final ServletConfig config) throws
ServletException {
this.returnCode = (int)
context.getAttribute(ListenHTTP.CONTEXT_ATTRIBUTE_RETURN_CODE);
this.multipartRequestMaxSize = (long)
context.getAttribute(ListenHTTP.CONTEXT_ATTRIBUTE_MULTIPART_REQUEST_MAX_SIZE);
this.multipartReadBufferSize = (int)
context.getAttribute(ListenHTTP.CONTEXT_ATTRIBUTE_MULTIPART_READ_BUFFER_SIZE);
+ this.port = (int)
context.getAttribute(ListenHTTP.CONTEXT_ATTRIBUTE_PORT);
}
@Override
protected void doHead(final HttpServletRequest request, final
HttpServletResponse response) throws ServletException, IOException {
- response.addHeader(ACCEPT_ENCODING_NAME, ACCEPT_ENCODING_VALUE);
- response.addHeader(ACCEPT_HEADER_NAME, ACCEPT_HEADER_VALUE);
- response.addHeader(PROTOCOL_VERSION_HEADER, PROTOCOL_VERSION);
+ if (request.getLocalPort() == port) {
Review comment:
My reason for implementing it this way is that I did not want any
existing functionality to be available via the new port. The use case when it
is reasonable to configure a separate port for health checks is when 2-way SSL
is used on the primary port, and the LB can't provide a client certificate.
Since the health check port can be used without client authentication, I do not
want any information from the primary service (not even header data) to be
accessible via that port.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
