geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sangjin Lee (JIRA)" <j...@apache.org>
Subject [jira] Updated: (GERONIMO-3839) caller supplied content is ignored, and some request headers may be added twice
Date Tue, 12 Feb 2008 23:35:08 GMT

     [ https://issues.apache.org/jira/browse/GERONIMO-3839?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Sangjin Lee updated GERONIMO-3839:
----------------------------------

    Priority: Major  (was: Minor)
     Summary: caller supplied content is ignored, and some request headers may be added twice
 (was: some request headers may be added twice)

Updated the title and severity to accurately reflect the nature.

We found an even more glaring issue.  Any caller-supplied request body is ignored by HttpRequestEncoder.
 It makes an assumption that all post requests are form posts.

> caller supplied content is ignored, and some request headers may be added twice
> -------------------------------------------------------------------------------
>
>                 Key: GERONIMO-3839
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3839
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: AsyncHttpClient
>    Affects Versions: 1.x
>            Reporter: Sangjin Lee
>            Assignee: Rick McGuire
>         Attachments: GERONIMO-3839.patch
>
>
> Some request headers get special treatment by HttpRequestEncoder.  HttpRequestEncoder
does not make any effort in checking to see if they are present in the headers already.  As
a result, they may be added twice if one is not careful.  For example,
> - Content-Type & Content-Length are added by HttpRequestEncoder for POST requests,
and should not be added by callers.
> - Host & User-Agent are always added by HttpRequestEncoder, and should not be added
by callers as ordinary headers.
> Although one could argue that callers should not add these headers by hand, I think HttpRequestEncoder
still should ensure that they are not added twice.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message