This is an automated email from the ASF dual-hosted git repository. dkulp pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/cxf.git
The following commit(s) were added to refs/heads/main by this push: new 333e8b0b1c HttpClient will throw an exception for various restricted headers 333e8b0b1c is described below commit 333e8b0b1c0ae2081392c2872595d15d9c86c5e2 Author: Daniel Kulp <d...@kulp.com> AuthorDate: Thu May 25 12:17:11 2023 -0400 HttpClient will throw an exception for various restricted headers
---
 .../apache/cxf/transport/http/HttpClientHTTPConduit.java | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HttpClientHTTPConduit.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HttpClientHTTPConduit.java
index 01fd631afc..2546e24bac 100644
--- a/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HttpClientHTTPConduit.java
+++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/http/HttpClientHTTPConduit.java
@@ -55,6 +55,8 @@ import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
+import java.util.Set;
+import java.util.TreeSet;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.Flow;
@@ -83,7 +85,7 @@ import org.apache.cxf.ws.addressing.EndpointReferenceType;
 public class HttpClientHTTPConduit extends URLConnectionHTTPConduit {
-
+ private static final Set<String> RESTRICTED_HEADERS = getRestrictedHeaders();
 volatile HttpClient client;
 volatile int lastTlsHash = -1;
 volatile URI sslURL;
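Review bot: The new `RESTRICTED_HEADERS` field in the second hunk carries no comment saying where the list comes from or that it is matched case-insensitively, which a reader has to discover in `getRestrictedHeaders()`. I would add above the declaration `// Header names java.net.http.HttpClient refuses to accept from callers; matched case-insensitively`. The class body continues outside the hunk.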
@@ -96,7 +98,12 @@ public class HttpClientHTTPConduit extends URLConnectionHTTPConduit {
 super(b, ei, t);
 }
-
+ private static Set<String> getRestrictedHeaders() {
+ Set<String> headers = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
+ headers.addAll(Set.of("Connection", "Content-Length", "Expect", "Host", "Upgrade"));
+ return headers;
+ }
+
 private boolean isSslTargetDifferent(URI lastURL, URI url) {
 return !lastURL.getScheme().equals(url.getScheme())
 || !lastURL.getHost().equals(url.getHost())
@@ -313,8 +320,8 @@ public class HttpClientHTTPConduit extends URLConnectionHTTPConduit {
 for (Map.Entry<String, List<String>> head : h.headerMap().entrySet()) {
 List<String> headerList = head.getValue();
 String header = head.getKey();
- if ("Connection".equals(header)) {
- //HttpClient does not allow the Connection header
+ if (RESTRICTED_HEADERS.contains(header)) {
+ //HttpClient does not allow some restricted headers
 continue;
 }
 if (HttpHeaderHelper.CONTENT_TYPE.equalsIgnoreCase(header)) {
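Review bot: `getRestrictedHeaders()` returns the bare `TreeSet`, so the static `RESTRICTED_HEADERS` stays mutable for the life of the class; `return Collections.unmodifiableSet(headers);` would lock it down (this needs a `java.util.Collections` import, which is not visible in the import hunk). The five names duplicate the JDK's internal disallowed-header list, which, as far as I recall, was longer on JDK 11 (Date, Origin, Referer, Via and others), so requests could presumably still be rejected there; worth checking against the minimum supported JDK. The list also does not consult the `jdk.httpclient.allowRestrictedHeaders` system property, so a deployment that deliberately enables, say, `Host` would still see it filtered by the loop in the next hunk.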
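Review bot: The `continue` in the header loop now discards `Host`, `Content-Length`, `Expect` and `Upgrade` as well as `Connection`, in any letter case, and it does so without leaving a trace. A caller that sets `Host` for virtual-host routing, or someone auditing why the request on the wire differs from what the application built, gets no hint that the conduit removed it. A fine-level log line naming the skipped header would help, e.g. `LOG.fine("Skipping restricted header " + header);`, assuming the class has a logger in scope (not visible here), and the comment could say the header is dropped rather than sent. The loop and its enclosing method start and end outside the hunk.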