[ https://issues.apache.org/jira/browse/CAMEL-20624?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Claus Ibsen resolved CAMEL-20624. --------------------------------- Resolution: Fixed > camel-http - OAuth2 support adds duplicate Authorization header if one > already exists on the Exchange > ----------------------------------------------------------------------------------------------------- > > Key: CAMEL-20624 > URL: https://issues.apache.org/jira/browse/CAMEL-20624 > Project: Camel > Issue Type: Bug > Components: camel-http > Affects Versions: 4.4.1 > Reporter: Joshua Grisham > Priority: Minor > Fix For: 4.4.2, 4.6.0 > > > If the Exchange already has a header with the name "Authorization" and the > OAuth2 feature of camel-http is used, the existing Authorization header is > left on the request to the target and a second header with the same name is > added. > This very often results in a denied HTTP request (e.g. HTTP 400 Bad Request) > as well as conflicts with RFC 7230/7235 for example here: [RFC 7230: > Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing > (rfc-editor.org)|https://www.rfc-editor.org/rfc/rfc7230#section-3.2.2] > {panel:title=3.2.2. Field Order} > ... > A sender MUST NOT generate multiple header fields with the same field name in > a message unless either the entire field value for that header field is > defined as a comma-separated list [i.e., #(values)|#(values)] or the header > field is a well-known exception (as noted below). > ... > {panel} > > A proposed fix to this is to update the existing header if it already exists > instead of always adding a new header (e.g. `request.setHeader()` instead of > `request.addHeader()`) -- This message was sent by Atlassian Jira (v8.20.10#820010)