You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hc.apache.org by ol...@apache.org on 2020/04/06 15:43:10 UTC
[httpcomponents-client] branch HTTPCLIENT-2074 created (now 5c230b9)
This is an automated email from the ASF dual-hosted git repository.
olegk pushed a change to branch HTTPCLIENT-2074
in repository https://gitbox.apache.org/repos/asf/httpcomponents-client.git.
at 5c230b9 HTTPCLIENT-2074: disallow direct execution of CONNECT methods by standard client implementations
This branch includes the following new commits:
new 5c230b9 HTTPCLIENT-2074: disallow direct execution of CONNECT methods by standard client implementations
The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
[httpcomponents-client] 01/01: HTTPCLIENT-2074: disallow direct
execution of CONNECT methods by standard client implementations
Posted by ol...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
olegk pushed a commit to branch HTTPCLIENT-2074
in repository https://gitbox.apache.org/repos/asf/httpcomponents-client.git
commit 5c230b951fa6b042a4bc987c54a8ec7db9c8a726
Author: Oleg Kalnichevski <ol...@apache.org>
AuthorDate: Mon Apr 6 17:42:36 2020 +0200
HTTPCLIENT-2074: disallow direct execution of CONNECT methods by standard client implementations
---
.../org/apache/hc/client5/http/impl/async/AsyncProtocolExec.java | 5 +++++
.../java/org/apache/hc/client5/http/impl/classic/ProtocolExec.java | 4 ++++
2 files changed, 9 insertions(+)
diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/AsyncProtocolExec.java b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/AsyncProtocolExec.java
index 11fd40a..362d3f4 100644
--- a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/AsyncProtocolExec.java
+++ b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/AsyncProtocolExec.java
@@ -107,6 +107,11 @@ public final class AsyncProtocolExec implements AsyncExecChainHandler {
final AsyncExecChain.Scope scope,
final AsyncExecChain chain,
final AsyncExecCallback asyncExecCallback) throws HttpException, IOException {
+
+ if (Method.CONNECT.isSame(request.getMethod())) {
+ throw new ProtocolException("Direct execution of CONNECT is not allowed");
+ }
+
final HttpRoute route = scope.route;
final HttpClientContext clientContext = scope.clientContext;
diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/classic/ProtocolExec.java b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/classic/ProtocolExec.java
index 50aee86..53da369 100644
--- a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/classic/ProtocolExec.java
+++ b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/classic/ProtocolExec.java
@@ -107,6 +107,10 @@ public final class ProtocolExec implements ExecChainHandler {
Args.notNull(request, "HTTP request");
Args.notNull(scope, "Scope");
+ if (Method.CONNECT.isSame(request.getMethod())) {
+ throw new ProtocolException("Direct execution of CONNECT is not allowed");
+ }
+
final String exchangeId = scope.exchangeId;
final HttpRoute route = scope.route;
final HttpClientContext context = scope.clientContext;