Good day, everyone! Me and my team are in the process of migration to httpclient v5.2 from v4.5 and we are currently hindered by the following issue: httpclient5 is not dropping Authentication headers when following redirects. This results in errors when users make authenticated requests to our API and get redirected to other services, such as S3, that expect their own Authorization header.
Previously, to avoid this collision, we were able to drop Auth headers ourselves by creating a custom RedirectStrategy implementation that was using RedirectStrategy:HttpUriRequest getRedirect() method to modify redirected request’s headers. In recent httpclient5 version this method was replaced with URI getLocationURI() which makes it impossible to do so. We’ve tried to google this issue, read documentation, FAQs and Mailing lists and inspected the httpclient’s source code, but couldn’t find any possible solution for this problem. Could you, please, point us to the right direction to help us solve this issue in case there’s something we missed? Thank you! Regards, Chernyshenko Maksim This message and any attachments may contain information that is confidential, proprietary, and private and may be legally protected from disclosure. The information is intended to be for the use of the individual or entity designated above. If you are not the intended recipient of this message, please notify the sender immediately, and delete this message and any attachments. Any disclosure, reproduction, distribution or other use of this message or any attachments by an individual or entity other than the intended recipient is prohibited.
