RFR: 8326949: Authorization header is removed when a proxy Authenticator is set on HttpClient
Michael McMahon
michaelm at openjdk.org
Wed Oct 2 09:17:36 UTC 2024
On Tue, 1 Oct 2024 15:32:27 GMT, Daniel Fuchs <dfuchs at openjdk.org> wrote:
> > I was thinking this needed a CSR and release note anyway.
>
> true - but the risk of causing regression in existing code might be higher?
Maybe, but it seems unlikely that existing code would set an authenticator object and also set an authentication header which ends up not being used. Any code that sets an authentication header is probably using valid credentials I would think.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/21249#issuecomment-2388000914
More information about the net-dev
mailing list