Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Avoid copying sensitive headers when copying a Request.

This commit is contained in:
Simone Bordet 2013-01-16 15:07:32 +01:00
parent 6cbac985e5
commit 386fafe790
1 changed files with 13 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
jetty-client/src/main/java/org/eclipse/jetty/client/HttpClient.java
View File

@ -43,7 +43,6 @@ import java.util.concurrent.ExecutionException;
import java.util.concurrent.Executor;
import java.util.concurrent.Future;
import java.util.concurrent.TimeoutException;
import javax.net.ssl.SSLEngine;
import org.eclipse.jetty.client.api.AuthenticationStore;
@ -402,6 +401,19 @@ public class HttpClient extends ContainerLifeCycle
if (HttpHeader.HOST == header.getHeader())
continue;
// Remove expectation headers
if (HttpHeader.EXPECT == header.getHeader())
continue;
// Remove cookies
if (HttpHeader.COOKIE == header.getHeader())
continue;
// Remove authorization headers
if (HttpHeader.AUTHORIZATION == header.getHeader() ||
HttpHeader.PROXY_AUTHORIZATION == header.getHeader())
continue;
newRequest.header(header.getName(), header.getValue());
}
return newRequest;