[jira] [Commented] (HTTPCORE-736) HttpClient GET method adds Content-Length: 0 header

Jin Xu (Jira) Sun, 19 Mar 2023 19:54:04 -0700


    [ 
https://issues.apache.org/jira/browse/HTTPCORE-736?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17702420#comment-17702420
 ]


Jin Xu commented on HTTPCORE-736:
---------------------------------

[~olegk]
Hi.
I re-investigated the whole invoke chain today.
Yes mostly you be right.
We have some kids wrote some codes like this:

```java
        HttpUriRequest httpUriRequest = RequestBuilder.create("GET")
                .setUri("http://127.0.0.1";)
                .setEntity(
                        new ByteArrayEntity(new byte[0])
                ).build();
        ((HttpEntityEnclosingRequest)httpUriRequest).setEntity(null);
        System.out.println(httpUriRequest);
        HttpClient client = HttpClients.createSystem();
        client.execute(httpUriRequest);
```

As when he run the build() there be an entity in that builder, the 
HttpUriRequest becomes RequestBuilders$InternalEntityEclosingRequest
And then he set the entity to null
(sigh)
.............one of the disasters those AOP abusing guys would cause.
Still, I actually be queite worried even so.
If you want EntityEclosingRequest to really have entity, you shall add require 
non null checker onto it to ensure failure when people try to set it null, 
after all it exposed an public setEntity function right?
But actually HttpEntityEnclosingRequest doesn't mean the entity must bu not 
null, as you can see, quite some implementations shows it allows user to set it 
to null, thus would cause the content-length=0 appear, like 
org.apache.http.impl.client.EntityEnclosingRequestWrapper
Otherwise you shall make it compitable when it be null...
Well I don't think I'm the only one who have coworkers doing stupid behaviors 
like this, so I do think we should have a decision on fix on either side.

> HttpClient GET method adds Content-Length: 0 header
> ---------------------------------------------------
>
>                 Key: HTTPCORE-736
>                 URL: https://issues.apache.org/jira/browse/HTTPCORE-736
>             Project: HttpComponents HttpCore
>          Issue Type: Bug
>    Affects Versions: 4.4.16, 5.2.1
>            Reporter: Jin Xu
>            Priority: Critical
>          Time Spent: 50m
>  Remaining Estimate: 0h
>
> HttpClient GET method adds Content-Length: 0 header
> This would cuase some server/firewall deny this kind of http requests.
> See fixes of the same bug in other frameworks:
> java: https://bugs.openjdk.org/browse/JDK-8283544
> dart: https://github.com/dart-lang/shelf/pull/180



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org
For additional commands, e-mail: dev-h...@hc.apache.org

[jira] [Commented] (HTTPCORE-736) HttpClient GET method adds Content-Length: 0 header

Reply via email to