[ https://issues.apache.org/jira/browse/HTTPCLIENT-2325?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17828069#comment-17828069 ]
ASF subversion and git services commented on HTTPCLIENT-2325: ------------------------------------------------------------- Commit 3b9bc89c2604c4e4ad509fb922e6c88ff101e13e in httpcomponents-client's branch refs/heads/master from Vladimir Sitnikov [ https://gitbox.apache.org/repos/asf?p=httpcomponents-client.git;h=3b9bc89c2 ] HTTPCLIENT-2325 Avoid adding "; charset=" for multipart/form-data requests Previusly, "charset" parameter was added to the Content-Type header, however adding "charset=..." is not specified in RFC 7578, and it causes issues with (flawed?) HTTP servers. The change does not modify ContentType.MULTIPART_FORM_DATA, and it might have backward compatibility side-effects. See * https://github.com/apache/jmeter/issues/6250 * https://github.com/owasp-modsecurity/ModSecurity/commit/6e56950cdf258c9b39f12cf6eb014cb59797cfd3 * https://bz.apache.org/bugzilla/show_bug.cgi?id=61384 * https://github.com/akka/akka-http/issues/338 > Avoid adding "; charset=" for multipart/form-data requests > ---------------------------------------------------------- > > Key: HTTPCLIENT-2325 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-2325 > Project: HttpComponents HttpClient > Issue Type: Improvement > Components: HttpClient (classic) > Affects Versions: 4.5.14 > Reporter: Vladimir Sitnikov > Priority: Major > Time Spent: 1h 50m > Remaining Estimate: 0h > > Currently, HttpClient adds {{; charset=}} to {{multipart/form-data}} which > both > 1) Breaks certain HTTP servers: see > https://github.com/apache/jmeter/pull/6251, > https://github.com/akka/akka-http/issues/338 > 2) Does not follow RFC 2046 and RFC 7578 > Even though including "charset" parameter is not explicitly forbidden by > RFCs, there are known HTTP servers that can't parse such requests, so why > generating the "charset=..." for multipart/form-data in the first place? > See how RFC 7578 suggests setting the default charset: > https://datatracker.ietf.org/doc/html/rfc7578#section-5.1.2 > They mention a {{_charset_}} field instead. > ---- > Unfortunately, removal of {{multipartEntityBuilder.setCharset(charset);}} in > the caller's code is not enough as HttpClient uses the supplied charset in > {{HttpBrowserCompatibleMultipart}}. > --- > I suggest to avoid sending {{charset}} within {{multipart/form-data}} header, > so it includes only {{boundary}} just like RFC 7578 samples. > In other words, I suggest removing these lines: > https://github.com/apache/httpcomponents-client/blob/54900db4653d7f207477e6ee40135b88e9bcf832/httpmime/src/main/java/org/apache/http/entity/mime/MultipartEntityBuilder.java#L215-L217 -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org For additional commands, e-mail: dev-h...@hc.apache.org