Details
- Bug
- Status: Resolved
- Minor
- Resolution: Fixed
- 4.4.1
- None
- Unknown
Description
If the Exchange already has a header with the name "Authorization" and the OAuth2 feature of camel-http is used, the existing Authorization header is left on the request to the target and a second header with the same name is added.
This very often results in a denied HTTP request (e.g. HTTP 400 Bad Request) and also conflicts with RFC 7230/7235, for example this passage from RFC 7230, "Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing" (rfc-editor.org):
...
A sender MUST NOT generate multiple header fields with the same field name in a message unless either the entire field value for that header field is defined as a comma-separated list [i.e., #(values)] or the header field is a well-known exception (as noted below).
...
A proposed fix for this is to update the existing header if it already exists instead of always adding a new header (e.g. `request.setHeader()` instead of `request.addHeader()`).
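The difference between the two calls, as an added example that is not code from the issue or from camel-http: it assumes Apache HttpClient 5 (`httpclient5`) on the classpath, and the class name, helper names, URL and credential values are constructed for illustration. `requireSingleAuthorization` is a hypothetical guard that a test could use to catch the duplicate before the request is sent.

```java
import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.apache.hc.core5.http.Header;
import org.apache.hc.core5.http.HttpHeaders;
import org.apache.hc.core5.http.HttpRequest;

public class AuthorizationHeaderDemo {

    // Behaviour described in the report: the OAuth2 header is always appended.
    static void applyTokenWithAdd(HttpRequest request, String token) {
        request.addHeader(HttpHeaders.AUTHORIZATION, "Bearer " + token);
    }

    // Proposed behaviour: an existing Authorization header is replaced.
    static void applyTokenWithSet(HttpRequest request, String token) {
        request.setHeader(HttpHeaders.AUTHORIZATION, "Bearer " + token);
    }

    // Hypothetical guard: a request may carry at most one Authorization field.
    static void requireSingleAuthorization(HttpRequest request) {
        Header[] auth = request.getHeaders(HttpHeaders.AUTHORIZATION);
        if (auth.length > 1) {
            throw new IllegalStateException(auth.length + " Authorization header fields on one request");
        }
    }

    // Request that already carries a header taken over from the Exchange (constructed values).
    static HttpGet requestWithExistingHeader() {
        HttpGet request = new HttpGet("https://api.example.test/orders");
        request.addHeader(HttpHeaders.AUTHORIZATION, "Basic Y2FsbGVyOnNlY3JldA==");
        return request;
    }

    public static void main(String[] args) {
        HttpGet fixed = requestWithExistingHeader();
        applyTokenWithSet(fixed, "constructed-access-token");
        requireSingleAuthorization(fixed); // passes: only the Bearer value remains
        System.out.println("setHeader: " + fixed.getFirstHeader(HttpHeaders.AUTHORIZATION).getValue());

        HttpGet buggy = requestWithExistingHeader();
        applyTokenWithAdd(buggy, "constructed-access-token");
        for (Header h : buggy.getHeaders(HttpHeaders.AUTHORIZATION)) {
            System.out.println("addHeader: " + h.getValue()); // both Basic and Bearer go out
        }
        try {
            requireSingleAuthorization(buggy);
        } catch (IllegalStateException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

With `addHeader()` the header already on the request is sent to the target alongside the OAuth2 token, so the check fails; with `setHeader()` only the token is sent.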