You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@hc.apache.org by ol...@apache.org on 2020/04/06 15:43:10 UTC

[httpcomponents-client] branch HTTPCLIENT-2074 created (now 5c230b9)

This is an automated email from the ASF dual-hosted git repository.

olegk pushed a change to branch HTTPCLIENT-2074
in repository https://gitbox.apache.org/repos/asf/httpcomponents-client.git.


      at 5c230b9  HTTPCLIENT-2074: disallow direct execution of CONNECT methods by standard client implementations

This branch includes the following new commits:

     new 5c230b9  HTTPCLIENT-2074: disallow direct execution of CONNECT methods by standard client implementations

The 1 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.

[httpcomponents-client] 01/01: HTTPCLIENT-2074: disallow direct execution of CONNECT methods by standard client implementations

Posted by ol...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

olegk pushed a commit to branch HTTPCLIENT-2074
in repository https://gitbox.apache.org/repos/asf/httpcomponents-client.git

commit 5c230b951fa6b042a4bc987c54a8ec7db9c8a726
Author: Oleg Kalnichevski <ol...@apache.org>
AuthorDate: Mon Apr 6 17:42:36 2020 +0200

    HTTPCLIENT-2074: disallow direct execution of CONNECT methods by standard client implementations
---
 .../org/apache/hc/client5/http/impl/async/AsyncProtocolExec.java     | 5 +++++
 .../java/org/apache/hc/client5/http/impl/classic/ProtocolExec.java   | 4 ++++
 2 files changed, 9 insertions(+)

diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/AsyncProtocolExec.java b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/AsyncProtocolExec.java
index 11fd40a..362d3f4 100644
--- a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/AsyncProtocolExec.java
+++ b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/AsyncProtocolExec.java
@@ -107,6 +107,11 @@ public final class AsyncProtocolExec implements AsyncExecChainHandler {
             final AsyncExecChain.Scope scope,
             final AsyncExecChain chain,
             final AsyncExecCallback asyncExecCallback) throws HttpException, IOException {
+
+        if (Method.CONNECT.isSame(request.getMethod())) {
+            throw new ProtocolException("Direct execution of CONNECT is not allowed");
+        }
+
         final HttpRoute route = scope.route;
         final HttpClientContext clientContext = scope.clientContext;
 
diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/classic/ProtocolExec.java b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/classic/ProtocolExec.java
index 50aee86..53da369 100644
--- a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/classic/ProtocolExec.java
+++ b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/classic/ProtocolExec.java
@@ -107,6 +107,10 @@ public final class ProtocolExec implements ExecChainHandler {
         Args.notNull(request, "HTTP request");
         Args.notNull(scope, "Scope");
 
+        if (Method.CONNECT.isSame(request.getMethod())) {
+            throw new ProtocolException("Direct execution of CONNECT is not allowed");
+        }
+
         final String exchangeId = scope.exchangeId;
         final HttpRoute route = scope.route;
         final HttpClientContext context = scope.clientContext;