SEC-1412: Modify DefaultSavedRequest to ignore If-Not-Matched header.
The browser (or at least Firefox) does not send it after a redirect, and it causes problems with Spring's ShallowEtagHeaderFilter if it is stored and returned by the saved request.
parent
9bdc012c69
commit
14ae36ac3b
|
@ -54,6 +54,8 @@ public class DefaultSavedRequest implements SavedRequest {
|
|||
|
||||
public static final String SPRING_SECURITY_SAVED_REQUEST_KEY = "SPRING_SECURITY_SAVED_REQUEST_KEY";
|
||||
|
||||
private static final String HEADER_IF_NONE_MATCH = "If-None-Match";
|
||||
|
||||
//~ Instance fields ================================================================================================
|
||||
|
||||
private ArrayList<SavedCookie> cookies = new ArrayList<SavedCookie>();
|
||||
|
@ -92,6 +94,10 @@ public class DefaultSavedRequest implements SavedRequest {
|
|||
|
||||
while (names.hasMoreElements()) {
|
||||
String name = names.nextElement();
|
||||
// Skip If-None-Match header. SEC-1412.
|
||||
if (HEADER_IF_NONE_MATCH.equalsIgnoreCase(name)) {
|
||||
continue;
|
||||
}
|
||||
Enumeration<String> values = request.getHeaders(name);
|
||||
|
||||
while (values.hasMoreElements()) {
|
||||
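Review bot: The skip added to the header-copy loop covers only `If-None-Match`, so the other conditional request header, `If-Modified-Since`, is still stored and replayed with the saved request. If a handler downstream honours it, the restored request could presumably receive the same bodiless 304 that this commit works around for ShallowEtagHeaderFilter; consider `if (HEADER_IF_NONE_MATCH.equalsIgnoreCase(name) || "If-Modified-Since".equalsIgnoreCase(name)) {`. The comment would also help more if it gave the reason, e.g. `// Skip If-None-Match: the browser does not resend it after the redirect, and replaying it breaks ShallowEtagHeaderFilter (SEC-1412).` The loop and its enclosing method start and end outside the hunk.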
|
|
|
@ -21,6 +21,15 @@ public class DefaultSavedRequestTests {
|
|||
assertEquals("Mozilla", saved.getHeaderValues("user-agent").get(0));
|
||||
}
|
||||
|
||||
// SEC-1412
|
||||
@Test
|
||||
public void discardsIfNoneMatchHeader() throws Exception {
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.addHeader("If-None-Match", "somehashvalue");
|
||||
DefaultSavedRequest saved = new DefaultSavedRequest(request, new MockPortResolver(8080, 8443));
|
||||
assertTrue(saved.getHeaderValues("if-none-match").isEmpty());
|
||||
}
|
||||
|
||||
// TODO: Why are parameters case insensitive. I think this is a mistake
|
||||
@Test
|
||||
public void parametersAreCaseInsensitive() throws Exception {
|
||||
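Review bot: `discardsIfNoneMatchHeader` sends only the header that is meant to be dropped, so it would still pass if the skip logic discarded every header (for example a `break` where `continue` is intended). Adding a second header before constructing the saved request, `request.addHeader("User-Agent", "Mozilla");`, and asserting it survives, `assertEquals("Mozilla", saved.getHeaderValues("user-agent").get(0));`, would pin that only the conditional header is filtered. The production check uses `equalsIgnoreCase`, so a lower-case `if-none-match` request header is also worth one assertion.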
|
|