RFR: 8359709: java.net.HttpURLConnection sends unexpected "Host" request header in some cases after JDK-8344190
Volkan Yazici
vyazici at openjdk.org
Tue Jun 17 07:38:27 UTC 2025
On Tue, 17 Jun 2025 06:55:38 GMT, Jaikiran Pai <jpai at openjdk.org> wrote:
> Can I please get a review for this change which addresses a regression that was introduced in `HttpURLConnection` in Java 24 when we cleaned up the code by removing the references to SecurityManager APIs.
>
> When a HTTP request is issued through `java.net.HttpURLConnection`, then the request URL is used to determine the `Host` header to set in the request. By default, the application cannot set a `Host` header to a different value. However the JDK allows a system property to be enabled to allow applications to explicitly set a `Host` request header when issuing the request.
>
> Due to an oversight in the change that was done in https://bugs.openjdk.org/browse/JDK-8344190, the `Host` header that is set by the application, may not get used for that request causing this regression. Turns out we don't have tests in this area to catch this issue.
>
> The commit in this PR fixes the regression and also introduces a new jtreg test which reproduces the issue and verifies the fix.
>
> I've also checked the original change which introduced this regression https://github.com/openjdk/jdk/pull/22232 to see if there's anything else that needs attention. I haven't stopped anything else.
Marked as reviewed by vyazici (Committer).
test/jdk/java/net/HttpURLConnection/HostHeaderTest.java line 68:
> 66: final InetSocketAddress addr = new InetSocketAddress(InetAddress.getLoopbackAddress(), 0);
> 67: server = HttpServer.create(addr, 0);
> 68: server.createContext("/", new Handler());
I think it might be a good idea to salt the handler path a bit (e.g., with the class name) to avoid unexpected connections from tests running in parallel.
-------------
PR Review: https://git.openjdk.org/jdk/pull/25844#pullrequestreview-2934464465
PR Review Comment: https://git.openjdk.org/jdk/pull/25844#discussion_r2151532528
More information about the net-dev
mailing list