在HTTPClient中重定向时覆盖的标头值 [英] Header values overwritten on redirect in HTTPClient
问题描述
我正在使用httpclient 4.2.5来制作必须处理重定向的http请求。
这是一个了解上下文的小例子:
I'm using httpclient 4.2.5 to make http requests which have to handle redirects as well. Here is a little example to understand the context:
- A发送http请求(使用httpclient 4.2.5)到B
- B发送302重定向(包含url到C)回到A
- A跟随重定向到C
- C检索请求URL并使用它进行一些工作
- A sends http request (using httpclient 4.2.5) to B
- B sends 302 redirect (containing url to C) back to A
- A follows redirect to C
- C retrieves request URL and do some work with it
如果C通过 request.getRequestURL解析请求URL( )
(HttpServlet API)它包含例如来自步骤1的原始请求的主机和端口,这是错误的。
If C parses the request URL by request.getRequestURL()
(HttpServlet API) it contains e.g. host and port of the original request from step 1, which is wrong.
第2步中存在问题,其中httpclient处理重定向。它只是将原始请求(步骤1)中的所有标题复制到当前请求(步骤3)。我已经通过grepcode查看了负责任的代码:
DefaultRequestDirector
The problem exists in step 2, where httpclient handles the redirect. It just copies all headers from the original request (step 1) to the current request (step 3). I already had a look at the responsible code, via grepcode:
DefaultRequestDirector
HttpUriRequest redirect = redirectStrategy.getRedirect(request, response, context);
HttpRequest orig = request.getOriginal();
redirect.setHeaders(orig.getAllHeaders());
我真的不明白为什么原始请求的所有标头都被复制到当前请求。< br>
例如使用cURL进行简单的测试是按预期进行的,C将接收正确的主机和端口。
I don't really understand why all headers of the original request are copied to the current request.
E.g. using cURL for a simple test is doing it as expected, C would receive the correct host and port.
实现我自己的重定向策略没有帮助,因为原始标头被复制在它之后。
Implementing my own redirect strategy does not help because the original headers are copied after it.
推荐答案
我尝试使用 HttpClient从bitbucket的下载部分下载文件时遇到了同样的问题
。在第一个请求后,bitbucket向CDN发送重定向,如果设置了授权
标头,则会投诉。
I had the same problem when trying to download files from bitbucket's download section using HttpClient
. After the first request bitbucket sends a redirect to CDN which then complains if the Authorization
header is set.
我工作过通过更改 DefaultRedirectStrategy.getRedirect()
方法来返回它,以返回不允许设置授权
标头的重定向对象。
I worked around it by changing DefaultRedirectStrategy.getRedirect()
method to return redirect object which does not allow Authorization
headers to be set.
我使用Scala,所以这里是代码:
I work with Scala so here is the code:
val http = new DefaultHttpClient()
http.setRedirectStrategy(new DefaultRedirectStrategy() {
override def getRedirect(
request: HttpRequest, response: HttpResponse, context: HttpContext
): HttpRequestBase = {
val uri: URI = getLocationURI(request, response, context)
val method: String = request.getRequestLine.getMethod
if (method.equalsIgnoreCase(HttpHead.METHOD_NAME)) {
new HttpHead(uri) {
override def setHeaders(headers: Array[Header]) {
super.setHeaders(headers.filterNot(_.getName == "Authorization"))
}
}
}
else {
new HttpGet(uri) {
override def setHeaders(headers: Array[Header]) {
super.setHeaders(headers.filterNot(_.getName == "Authorization"))
}
}
}
}
})
这篇关于在HTTPClient中重定向时覆盖的标头值的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!