List: httpcomponents-commits
Subject: svn commit: r1686590 - in /httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http:
From: olegk () apache ! org
Date: 2015-06-20 12:12:18
Message-ID: 20150620121218.A18BDAC048D () hades ! apache ! org
Author: olegk
Date: Sat Jun 20 12:12:18 2015
New Revision: 1686590
URL: http://svn.apache.org/r1686590
Log:
RFC 7231: do not generate header fields in TRACE requests containing sensitive data \
such as cookie and user credentials
Modified:
httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/client/protocol/RequestAddCookies.java
httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/execchain/MainClientExec.java
Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/client/protocol/RequestAddCookies.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/ \
java/org/apache/http/client/protocol/RequestAddCookies.java?rev=1686590&r1=1686589&r2=1686590&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/client/protocol/RequestAddCookies.java \
(original)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/client/protocol/RequestAddCookies.java \
Sat Jun 20 12:12:18 2015
@@ -79,7 +79,7 @@ public class RequestAddCookies implement
Args.notNull(context, "HTTP context");
final String method = request.getRequestLine().getMethod();
- if (method.equalsIgnoreCase("CONNECT")) {
+ if (method.equalsIgnoreCase("CONNECT") || method.equalsIgnoreCase("TRACE")) \
{ return;
}
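Review bot: The TRACE exclusion added to `if (method.equalsIgnoreCase("CONNECT") || method.equalsIgnoreCase("TRACE"))` has no comment saying why, and the two methods are skipped for different reasons. I would add `// RFC 7231, section 4.3.8: a TRACE request is echoed back in the response body, so it must not carry cookies` above the check. The guard only stops this interceptor from generating a Cookie header; a Cookie header the caller set directly on the request is presumably still sent, which is worth stating in the class Javadoc. The method body continues outside the hunk, so whether the early return also skips later context setup that response-side cookie handling relies on cannot be confirmed from here.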
Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/execchain/MainClientExec.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/ \
java/org/apache/http/impl/execchain/MainClientExec.java?rev=1686590&r1=1686589&r2=1686590&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/execchain/MainClientExec.java \
(original)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/execchain/MainClientExec.java \
Sat Jun 20 12:12:18 2015
@@ -277,6 +277,11 @@ public class MainClientExec implements \
C connHolder.markNonReusable();
}
+ if (request.getMethod().equalsIgnoreCase("TRACE")) {
+ // Do not perform authentication for TRACE request
+ break;
+ }
+
if (needAuthentication(
targetAuthState, proxyAuthState, route, response, context)) \
{
// Make sure the response body is fully consumed, if present
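Review bot: The added `if (request.getMethod().equalsIgnoreCase("TRACE"))` check runs after the response has been received, so it only stops the client from answering a 401/407 challenge. Credentials attached before the request is sent, for example from an auth state already populated by a cached or preemptive scheme, would not be affected by this `break`. That earlier part of the loop is outside the hunk, so this needs confirming; if an Authorization header can still be generated there, the same TRACE guard belongs on that path too. The check also skips proxy authentication, which may be broader than the log message intends, so the comment could say so explicitly, e.g. `// RFC 7231, section 4.3.8: never answer target or proxy auth challenges for TRACE`. A test that sends TRACE with a pre-populated auth cache and asserts that no Authorization header is present would pin the intended behaviour.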