You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hc.apache.org by "Oleg Kalnichevski (JIRA)" <ji...@apache.org> on 2014/01/27 11:48:38 UTC

[jira] [Resolved] (HTTPCLIENT-1452) in case of a redirect a wrong host param is set to http header

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-1452?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleg Kalnichevski resolved HTTPCLIENT-1452.
-------------------------------------------

    Resolution: Invalid

One ought not mess with HTTP transport headers such as 'Host', 'Content-Length' and 'Transfer-Encoding' and let HttpClient generate the appropriate header values instead. In case of 'Content-Length' and 'Transfer-Encoding' headers HttpClient has no choice but to throw an exception refusing to execute a request that might render the underlying connection invalid due to incorrectly delineated request body. As far as the 'Host' header is concerned HttpClient simply does not overwrite the existing value assuming that the user knows better.

Oleg

> in case of a redirect a wrong host param is set to http header
> --------------------------------------------------------------
>
>                 Key: HTTPCLIENT-1452
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1452
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.3.1
>            Reporter: Lars Bachmann
>         Attachments: wire.log
>
>
> The following url will lead to a circular redirect and a CircularRedirectException in the end:
> http://it.bing.com/
> The reason is that http://it.bing.com will redirect to http://www.bing.com but the header param "host" is not set to the new host (bing.com), instead the host param of the original request (it.bing.com) is used. In the end the redirect request will not call http://www.bing.com but http://it.bing.com instead, which is the same location like the original url and will end up in a circular deadlock.
> The fix would be to override the host param with the value of the redirect request after copying all header params from the original request to the redirect request.
> The class to adjust is: org.apache.http.impl.client.DefaultRequestDirector.java
> The problem is also addressed here:
> http://stackoverflow.com/questions/6698214/avoid-circular-redirect-using-httpclient-4-1-1



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org