The Content-Type is added multiple times but it is a singleton field as per Spec #7268

Closed
TharmiganK opened this issue Oct 15, 2024 · 2 comments · Fixed by ballerina-platform/module-ballerina-http#2178
Labels
module/http Priority/Highest Reason/EngineeringMistake The issue occurred due to a mistake made in the past. Team/PCM Protocol connector packages related issues Type/Bug

TharmiganK commented Oct 15, 2024

Description:

$Subject

As per RFC 9110:

> Although Content-Type is defined as a singleton field, it is sometimes incorrectly generated multiple times, resulting in a combined field value that appears to be a list. Recipients often attempt to handle this error by using the last syntactically valid member of the list, leading to potential interoperability and security issues if different implementations have different error handling behaviors.

Steps to reproduce:

  • Backend:

```ballerina
import ballerina/http;

service /backend on new http:Listener(9091) {

    // Echoes every Content-Type field line the backend received.
    resource function get path(@http:Header {name: http:CONTENT_TYPE} string[] contentType) returns string[] {
        return contentType;
    }
}
```

  • Passthrough:

```ballerina
import ballerina/http;

http:Client clientEP = check new ("http://localhost:9091", httpVersion = http:HTTP_1_1);

service /api on new http:Listener(9090) {

    resource function get path(http:Request req) returns http:Response|error {
        // Reproduces the bug: adds a second Content-Type next to the one sent by the client.
        req.addHeader(http:CONTENT_TYPE, "application/xml");
        return clientEP->execute(http:GET, "/backend/path", req);
    }
}
```

Run both services by enabling the trace logs

Make a cURL request to the passthrough service with a Content-Type header:

```
$ curl -v http://localhost:9090/api/path -H "Content-Type: application/json"
```

In the trace logs of the backend you can see that the Content-Type header is added twice:

```
[2024-10-15 13:46:09,078] TRACE {http.tracelog.downstream} - [id: 0x8ba02c51, correlatedSource: n/a, host:/127.0.0.1:9091 - remote:/127.0.0.1:54856] INBOUND: DefaultHttpRequest(decodeResult: success, version: HTTP/1.1)
GET /backend/path HTTP/1.1
Accept: */*
Content-Type: application/json
content-type: application/xml
user-agent: curl/8.7.1
host: localhost:9091
connection: keep-alive
```

According to the spec the value should be overwritten

TharmiganK added the Type/Bug, module/http, Team/PCM and Priority/Highest labels on Oct 15, 2024
TharmiganK changed the title from "Headers with same name are written individually rather than combined into a list" to "The Content-Type is added multiple times but it is a singleton field as per Spec" on Oct 15, 2024
@TharmiganK
Contributor Author

The addHeader should use setHeader internally to overwrite the Content-Type header
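
The duplicated field in the backend trace above, and the overwrite behaviour proposed in this comment, as an added example that is not part of the issue or of the Ballerina HTTP module. `parse_head`, `duplicate_singletons` and `set_header` are hypothetical helper names, and checking only Content-Type is an assumption.

```python
from collections import defaultdict

# Assumption: only Content-Type is checked; add other singleton fields as needed.
SINGLETON_FIELDS = {"content-type"}

# Request head copied from the backend trace log quoted in the issue.
TRACE_REQUEST = """GET /backend/path HTTP/1.1
Accept: */*
Content-Type: application/json
content-type: application/xml
user-agent: curl/8.7.1
host: localhost:9091
connection: keep-alive
"""

def parse_head(raw):
    """Return (request_line, [(name, value), ...]) in wire order, names as sent."""
    lines = raw.replace("\r\n", "\n").split("\n")
    fields = []
    for line in lines[1:]:
        if not line.strip():
            break  # a blank line ends the header section
        name, sep, value = line.partition(":")
        if not sep or not name or name != name.strip():
            raise ValueError(f"malformed field line: {line!r}")
        fields.append((name, value.strip()))
    return lines[0], fields

def duplicate_singletons(fields):
    """Map lowercased singleton name -> values, for names sent more than once."""
    seen = defaultdict(list)
    for name, value in fields:
        key = name.lower()  # field names compare case-insensitively
        if key in SINGLETON_FIELDS:
            seen[key].append(value)
    return {k: v for k, v in seen.items() if len(v) > 1}

def set_header(fields, name, value):
    """Overwrite semantics: drop every field of that name (any case), add one."""
    kept = [(n, v) for n, v in fields if n.lower() != name.lower()]
    return kept + [(name, value)]

if __name__ == "__main__":
    _, fields = parse_head(TRACE_REQUEST)
    for name, values in duplicate_singletons(fields).items():
        print(f"{name} x{len(values)}: first={values[0]!r} last={values[-1]!r}")
    print(duplicate_singletons(set_header(fields, "Content-Type", "application/xml")))
```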

This issue is NOT closed with a proper Reason/ label. Make sure to add proper reason label before closing. Please add or leave a comment with the proper reason label now.

      - Reason/EngineeringMistake - The issue occurred due to a mistake made in the past.
      - Reason/Regression - The issue has introduced a regression.
      - Reason/MultipleComponentInteraction - Issue occurred due to interactions in multiple components.
      - Reason/Complex - Issue occurred due to complex scenario.
      - Reason/Invalid - Issue is invalid.
      - Reason/Other - None of the above cases.
