Hi everyone,

after upgrading my Spring project (corporate setting) to HttpClient
5.4.1 from HttpClient 5.3, I suddenly started to receive errors when
sending requests through corporate proxies. Before, this worked without
problems.

The error message is: "org.apache.hc.core5.http.ProtocolException:
Chunked transfer encoding not allowed for HTTP/1.0" (also see stack trace
below).

After being unable to find anything meaningful on the web, I
investigated a bit further by looking at the wire protocol (also see below).
There I can see that, after a CONNECT request is sent to the proxy, the
proxy responds with "HTTP/1.0 200 Connection Established".

Looking at the diff between HttpClient 5.3 and 5.4, I get the impression
that the protocol version of this proxy response is now interpreted and
also set on the HTTP connection that is made after establishing the TLS
connection through the TCP tunnel set up by the proxy.

While I'm by no means an expert on the finer details of HTTP, interpreting
the protocol version in this response strikes me as a bit odd for the
following reasons:

1. As far as I understand it, the proxy merely has the job of setting up the
   tunnel after CONNECT, and further content will not be interpreted by it.
2. CONNECT itself seems to be part of HTTP/1.1.

Of course, the proxy should probably respond with "HTTP/1.1" instead of
"HTTP/1.0". However, due to the rigid corporate setting I am in, it will
be very difficult and time-consuming, if at all possible, to find the
appropriate team(s) and convince them to configure every proxy's
response to be "HTTP/1.1 200 Connection Established" (1.1 instead of 1.0).

Finally, the actual request that is sent after the TLS connection has
been established is sent with HTTP/1.1 (not 1.0), as can be seen in the
wire protocol below. This seems to be a bit inconsistent.

Unfortunately, the only solution I have found so far, given time
constraints, is to use a different HTTP client.

What is your opinion on this issue?
Did I miss something?
Is this an intentional change with 5.4?
Is it a bug?

If the behavior is intentional, would it maybe be possible to introduce
a configuration flag to ignore the HTTP/1.0 protocol version in a
CONNECT response by such proxies to regain compatibility?

I should also mention that the error does not occur when the request
body is something with a predictable length, e.g. a string. This is
related to Spring's usage of different HttpMessageConverters and their
effect on the Content-Length header.

Thanks and kind regards,
Polybios
---
Stack trace:
org.apache.hc.core5.http.ProtocolException: Chunked transfer encoding not allowed for HTTP/1.0
    at org.apache.hc.core5.http.protocol.RequestContent.process(RequestContent.java:127) ~[httpcore5-5.3.1.jar:5.3.1]
    at org.apache.hc.core5.http.protocol.DefaultHttpProcessor.process(DefaultHttpProcessor.java:107) ~[httpcore5-5.3.1.jar:5.3.1]
    at org.apache.hc.client5.http.impl.classic.MainClientExec.execute(MainClientExec.java:119) ~[httpclient5-5.4.1.jar:5.4.1]
    at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51) ~[httpclient5-5.4.1.jar:5.4.1]
    at org.apache.hc.client5.http.impl.classic.ConnectExec.execute(ConnectExec.java:199) ~[httpclient5-5.4.1.jar:5.4.1]
    at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51) ~[httpclient5-5.4.1.jar:5.4.1]
    at org.apache.hc.client5.http.impl.classic.ProtocolExec.execute(ProtocolExec.java:192) ~[httpclient5-5.4.1.jar:5.4.1]
    at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51) ~[httpclient5-5.4.1.jar:5.4.1]
    at org.apache.hc.client5.http.impl.classic.ContentCompressionExec.execute(ContentCompressionExec.java:150) ~[httpclient5-5.4.1.jar:5.4.1]
    at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51) ~[httpclient5-5.4.1.jar:5.4.1]
    at org.apache.hc.client5.http.impl.classic.HttpRequestRetryExec.execute(HttpRequestRetryExec.java:113) ~[httpclient5-5.4.1.jar:5.4.1]
    at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51) ~[httpclient5-5.4.1.jar:5.4.1]
    at org.apache.hc.client5.http.impl.classic.RedirectExec.execute(RedirectExec.java:110) ~[httpclient5-5.4.1.jar:5.4.1]
    at org.apache.hc.client5.http.impl.classic.ExecChainElement.execute(ExecChainElement.java:51) ~[httpclient5-5.4.1.jar:5.4.1]
    at org.apache.hc.client5.http.impl.classic.InternalHttpClient.doExecute(InternalHttpClient.java:174) ~[httpclient5-5.4.1.jar:5.4.1]
    at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:87) ~[httpclient5-5.4.1.jar:5.4.1]
    at org.apache.hc.client5.http.impl.classic.CloseableHttpClient.execute(CloseableHttpClient.java:55) ~[httpclient5-5.4.1.jar:5.4.1]
    at org.apache.hc.client5.http.classic.HttpClient.executeOpen(HttpClient.java:183) ~[httpclient5-5.4.1.jar:5.4.1]
    at org.springframework.http.client.HttpComponentsClientHttpRequest.executeInternal(HttpComponentsClientHttpRequest.java:99) ~[spring-web-6.2.1.jar:6.2.1]
---
Wire protocol (I have replaced proxy and target host names)
h.i.i.DefaultHttpClientConnectionOperator http-outgoing-0 http://PROXY_HOST:8080 connected [...]
h.i.i.PoolingHttpClientConnectionManager ep-0000000001 executing exchange ex-0000000001 over http-outgoing-0
[...]
org.apache.hc.client5.http.wire http-outgoing-0 >> "CONNECT TARGET_HOST:443 HTTP/1.1[\r][\n]"
org.apache.hc.client5.http.wire http-outgoing-0 >> "Host TARGET_HOST:443[\r][\n]"
org.apache.hc.client5.http.wire http-outgoing-0 >> "User-Agent: ApacheHttpClient/5.4.1 (Java/17.[...])[\r][\n]"
org.apache.hc.client5.http.wire http-outgoing-0 >> "[\r][\n]"
org.apache.hc.client5.http.wire http-outgoing-0 << "HTTP/1.0 200 Connection Established[\r][\n]"
org.apache.hc.client5.http.wire http-outgoing-0 << "[\r][\n]"
[...]
h.i.i.DefaultHttpClientConnectionOperator http-outgoing-0 upgrading to TLS TARGET_HOST:443
[...]
o.a.h.c.ssl.AbstractClientTlsStrategy Secure session established
o.a.h.c.ssl.AbstractClientTlsStrategy negotiated protocol: TLSv1.3
[...]
h.i.i.DefaultHttpClientConnectionOperator http-outgoing-0 upgraded to TLS TARGET_HOST:443
o.a.h.c.h.impl.classic.MainClientExec ex-0000000001 executing POST /path HTTP/1.1
h.i.i.DefaultManagedHttpClientConnection http-outgoing-0 close connection IMMEDIATE
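
Added example, not part of the original post and not HttpClient code: a small Python scanner for HttpClient 5 wire logs that records, for each CONNECT exchange, the HTTP version the client sent and the version the proxy answered with, so that proxies replying with HTTP/1.0 can be listed. The function name, record fields and sample lines are assumptions made for this example; the sample is constructed and partly hard-wrapped the way mail clients wrap such logs.

```python
import re

# One wire-log entry, or MainClientExec's "executing <METHOD> <path> HTTP/x.y" line.
EVENT = re.compile(
    r'(?P<conn>http-outgoing-\d+) (?P<dir>>>|<<) "(?P<line>[^"]*)"'
    r'|executing [A-Z]+ \S+ HTTP/(?P<inner>\d\.\d)')
CONNECT = re.compile(r'CONNECT (\S+) HTTP/(\d\.\d)')
STATUS = re.compile(r'HTTP/(\d\.\d) (\d{3})')

def _ver(v):
    return tuple(int(p) for p in v.split("."))

def find_connect_tunnels(log_text):
    """Return one record per CONNECT exchange in an HttpClient 5 wire log."""
    text = " ".join(log_text.split())  # undo hard wrapping added by mail clients
    tunnels, cur = [], None
    for m in EVENT.finditer(text):
        if m.group("inner") and cur is not None:
            cur["inner"].append(m.group("inner"))  # request run inside latest tunnel
        elif m.group("dir") == ">>":
            c = CONNECT.match(m.group("line"))
            if c:
                cur = {"conn": m.group("conn"), "target": c.group(1), "sent": c.group(2),
                       "received": None, "status": None, "inner": []}
                tunnels.append(cur)
        elif cur and cur["received"] is None and cur["conn"] == m.group("conn"):
            s = STATUS.match(m.group("line"))  # first status line after CONNECT
            if s:
                cur["received"], cur["status"] = s.group(1), int(s.group(2))
    for t in tunnels:
        ok = t["status"] is not None and 200 <= t["status"] < 300
        # Tunnel was granted, but with a lower HTTP version than the client sent.
        t["downgraded"] = ok and _ver(t["received"]) < _ver(t["sent"])
    return tunnels

# Constructed sample: first exchange mirrors the log above, second proxy answers HTTP/1.1.
SAMPLE = r'''
org.apache.hc.client5.http.wire http-outgoing-0 >> "CONNECT
TARGET_HOST:443 HTTP/1.1[\r][\n]"
org.apache.hc.client5.http.wire http-outgoing-0 << "HTTP/1.0 200
Connection Established[\r][\n]"
o.a.h.c.h.impl.classic.MainClientExec ex-0000000001 executing POST /path HTTP/1.1
org.apache.hc.client5.http.wire http-outgoing-1 >> "CONNECT OTHER_HOST:443 HTTP/1.1[\r][\n]"
org.apache.hc.client5.http.wire http-outgoing-1 << "HTTP/1.1 200 Connection established[\r][\n]"
o.a.h.c.h.impl.classic.MainClientExec ex-0000000002 executing GET /health HTTP/1.1
'''

if __name__ == "__main__":
    print([(t["target"], t["received"], t["downgraded"]) for t in find_connect_tunnels(SAMPLE)])
```

A record with `downgraded` set marks a proxy whose successful CONNECT reply carries a lower version than the request; a 407 or other non-2xx reply is recorded but not flagged, since no tunnel was established.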