在HTTPClient中重定向时覆盖的标头值 [英] Header values overwritten on redirect in HTTPClient

问题描述

我正在使用httpclient 4.2.5来制作必须处理重定向的http请求。
这是一个了解上下文的小例子：

I'm using httpclient 4.2.5 to make http requests which have to handle redirects as well. Here is a little example to understand the context:

1. A发送http请求（使用httpclient 4.2.5）到B


2. B发送302重定向（包含url到C）回到A


3. A跟随重定向到C


4. C检索请求URL并使用它进行一些工作

1. A sends http request (using httpclient 4.2.5) to B
2. B sends 302 redirect (containing url to C) back to A
3. A follows redirect to C
4. C retrieves request URL and do some work with it

如果C通过 request.getRequestURL解析请求URL（ ）（HttpServlet API）它包含例如来自步骤1的原始请求的主机和端口，这是错误的。

If C parses the request URL by request.getRequestURL() (HttpServlet API) it contains e.g. host and port of the original request from step 1, which is wrong.

第2步中存在问题，其中httpclient处理重定向。它只是将原始请求（步骤1）中的所有标题复制到当前请求（步骤3）。我已经通过grepcode查看了负责任的代码：

DefaultRequestDirector

The problem exists in step 2, where httpclient handles the redirect. It just copies all headers from the original request (step 1) to the current request (step 3). I already had a look at the responsible code, via grepcode:
DefaultRequestDirector

HttpUriRequest redirect = redirectStrategy.getRedirect(request, response, context);
HttpRequest orig = request.getOriginal();
redirect.setHeaders(orig.getAllHeaders());

我真的不明白为什么原始请求的所有标头都被复制到当前请求。< br>
例如使用cURL进行简单的测试是按预期进行的，C将接收正确的主机和端口。

I don't really understand why all headers of the original request are copied to the current request.
E.g. using cURL for a simple test is doing it as expected, C would receive the correct host and port.

实现我自己的重定向策略没有帮助，因为原始标头被复制在它之后。

Implementing my own redirect strategy does not help because the original headers are copied after it.

推荐答案

我尝试使用 HttpClient从bitbucket的下载部分下载文件时遇到了同样的问题。在第一个请求后，bitbucket向CDN发送重定向，如果设置了授权标头，则会投诉。

I had the same problem when trying to download files from bitbucket's download section using HttpClient. After the first request bitbucket sends a redirect to CDN which then complains if the Authorization header is set.

我工作过通过更改 DefaultRedirectStrategy.getRedirect（）方法来返回它，以返回不允许设置授权标头的重定向对象。

I worked around it by changing DefaultRedirectStrategy.getRedirect() method to return redirect object which does not allow Authorization headers to be set.

我使用Scala，所以这里是代码：

I work with Scala so here is the code:

val http = new DefaultHttpClient()
http.setRedirectStrategy(new DefaultRedirectStrategy() {
  override def getRedirect(
    request: HttpRequest, response: HttpResponse, context: HttpContext
  ): HttpRequestBase = {
    val uri: URI = getLocationURI(request, response, context)
    val method: String = request.getRequestLine.getMethod
    if (method.equalsIgnoreCase(HttpHead.METHOD_NAME)) {
      new HttpHead(uri) {
        override def setHeaders(headers: Array[Header]) {
          super.setHeaders(headers.filterNot(_.getName == "Authorization"))
        }
      }
    }
    else {
      new HttpGet(uri) {
        override def setHeaders(headers: Array[Header]) {
          super.setHeaders(headers.filterNot(_.getName == "Authorization"))
        }
      }
    }
  }
})

这篇关于在HTTPClient中重定向时覆盖的标头值的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！