On Mon, 2023-11-27 at 18:32 +0000, Maksim Chernyshenko wrote: > Good day, everyone! > > Me and my team are in the process of migration to httpclient v5.2 > from v4.5 and we are currently hindered by the following issue: > httpclient5 is not dropping Authentication headers when following > redirects. This results in errors when users make authenticated > requests to our API and get redirected to other services, such as S3, > that expect their own Authorization header. > > Previously, to avoid this collision, we were able to drop Auth > headers ourselves by creating a custom RedirectStrategy > implementation that was using RedirectStrategy:HttpUriRequest > getRedirect() method to modify redirected request’s headers. In > recent httpclient5 version this method was replaced with URI > getLocationURI() which makes it impossible to do so. > > We’ve tried to google this issue, read documentation, FAQs and > Mailing lists and inspected the httpclient’s source code, but > couldn’t find any possible solution for this problem. > Could you, please, point us to the right direction to help us solve > this issue in case there’s something we missed? > > Thank you! > > Regards, > Chernyshenko Maksim >
Why do you manually add Authentication headers in the first place? There are three options that one presently has: * Handle redirects manually as well * Add a custom request interceptor immediately after RedirectExec and strip undesired headers from requests * Let HttpClient handle authentication (recommended). Oleg --------------------------------------------------------------------- To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org For additional commands, e-mail: httpclient-users-h...@hc.apache.org
