RFR [12]: 8203850: java.net.http HTTP client should allow specifying Origin and Referer headers
Michael McMahon
michael.x.mcmahon at oracle.com
Mon Oct 15 15:29:48 UTC 2018
Hi,
We haven't changed anything related to the From header. Are you
suggesting that "From"
should be removed from the restricted list also?
- Michael
On 11/10/2018, 23:17, Thomas Lußnig wrote:
>
> Hi,
>
> i did an quick check of the change:
>
> From:
> - E-Mail-Adresse des Nutzers, der die Anfrage stellte (heute
> unüblich). RFC 2616 <https://tools.ietf.org/html/rfc2616> sagt hierzu,
> dass der |From:| /nicht/ ohne ausdrückliche Genehmigung des Nutzers
> gesendet werden darf.
>
> Why this is now allowed to be sent? Is it not possible that some
> server require it for authentication in B2B scenarios?
>
> With the other header i would agree since they are technical or like
> "Warning" not really used i think.
>
>
> Gruß Thomas
>
>
> On 11.10.2018 14:58:02, Daniel Fuchs wrote:
>> Looks good to me Michael.
>>
>> You should be able to easily add new test cases for Origin and
>> Referer to test/jdk/java/net/SpecialHeadersTest.java too.
>>
>> best regards,
>>
>> -- daniel
>>
>> On 11/10/2018 13:28, Michael McMahon wrote:
>>> Could I get the following fix reviewed please?
>>>
>>> http://cr.openjdk.java.net/~michaelm/8203850/webrev.1/
>>>
>>> Thanks,
>>>
>>> Michael
>>>
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/net-dev/attachments/20181015/0c197065/attachment.html>
More information about the net-dev
mailing list