HttpClient Headers
Michael McMahon
michael.x.mcmahon at oracle.com
Fri Oct 5 10:18:16 UTC 2018
Hi Thomas,
Yes, I just looked at RFC7231 (section 5.5.2) and while there are
security implications
of usage of the 'Referer' header, the HTTP client library does not have
the relevant context
to decide whether it should be set or not. My view is that this is the
responsibility of
the calling code. We will probably do a review of all of these
restricted headers and
then propose a change to this area.
Thanks,
Michael.
On 04/10/2018, 18:41, Thomas Lußnig wrote:
> Hi,
>
> i have an question about the new HttpClient from JDK11.
>
> Is there any good reason that the Referer header is restricted?
> Because i have scenarios where the customer server expect Referer
> header in the Login sequence.
> So is there any way how to set restricted headers?
>
>
> Gruß Thomas
>
> On 14.08.2018 15:59:51, Michael McMahon wrote:
>> Hi,
>>
>> This is an important fix for 11 which addresses the problem where
>> HTTP/1.0
>> responses that do not include a content-length header are not handled
>> correctly.
>>
>> http://cr.openjdk.java.net/~michaelm/8207966/webrev.2/index.html
>>
>> Thanks,
>> Michael.
>>
More information about the net-dev
mailing list