Hi Pierre,
Thanks for reporting this issue, and thanks for the detailed
explanations. We will have a look at this.
My first thought is that the fix might be a bit more complex
than what you are suggesting here - since we might want
to let a user cookie override the value of a system cookie.
So we might need to fix `collectCookies` to allow for that too.
This probably needs some further investigation.
best regards,
-- daniel
On 08/11/2021 06:32, pierre.vi...@postfinance.ch wrote:
Hi
I have filled a bug report for a problem with Cookie in HttpClient and
following bug was opened now:
Issue: https://bugs.openjdk.java.net/browse/JDK-8276774
<https://bugs.openjdk.java.net/browse/JDK-8276774>
Proposal to solve the problem for Http/1.1:
·Class jdk/internal/net/http/Http1Request.java, Method collectHeaders0
·Replace line 112 with: HttpHeaders filteredSystemHeaders
=HttpHeaders.of(systemHeaders.map(), (k,v) ->uh.firstValue(k).isEmpty());
·Replace line 118 with: collectHeaders1(sb, filteredSystemHeaders,
nocookies);
The idea is that the line 127: “collectCookies(sb, systemHeaders,
userHeaders);” will then use the real system headers containing the
Cookie header with the cookies from the CookieManager, and so we should
collect both cookies from userHeaders and from systemHeaders together.
Could someone please check this and perform the fix ?
Note that the same problem probably impacts the HTTP/2 implementation as
the same filter is used in
jdk.internal.net.http.Stream.headerFrame(long) at line 658
sysh =HttpHeaders.of(sysh.map(), (k,v) ->uh.firstValue(k).isEmpty());
So we should check this case, too.
Regards,
Pierre
Remarque concernant la sécurité: Ce courriel provenant de PostFinance
est signé. Vous trouverez d'autres informations à ce sujet sous:
https://www.postfinance.ch/e-signature. Ne divulguez jamais vos éléments
de sécurité à des tiers.
