On Tue, 8 Oct 2024 14:03:07 GMT, Michael McMahon <micha...@openjdk.org> wrote:
> Hi, > > I closed https://github.com/openjdk/jdk/pull/21249 and am continuing the > review on this PR. > > This fix relaxes the constraints on user set authentication headers. > Currently, any user set authentication headers are filtered out, if the > HttpClient has an Authenticator set. The reason being that the authenticator > is expected to manage authentication. With this fix, it will be possible to > use pre-emptive authentication through user set headers, even if an > authenticator is set. The expected use case is where the authenticator would > manage either proxy or server authentication and the user set headers would > manage server authentication if the authenticator is managing proxy (or vice > versa). > > A CSR will be filed to document this change. > > Thanks, > Michael This pull request has now been integrated. Changeset: 01b681c8 Author: Michael McMahon <micha...@openjdk.org> URL: https://git.openjdk.org/jdk/commit/01b681c80d5f7c76013ab6274b9f4a3dcf2f4c39 Stats: 801 lines in 9 files changed: 589 ins; 203 del; 9 mod 8326949: Authorization header is removed when a proxy Authenticator is set on HttpClient Reviewed-by: dfuchs, jpai, djelinski ------------- PR: https://git.openjdk.org/jdk/pull/21408
