Commit06fc3c1

committed
Introduce a config option to use LAX ClientCookieEncoder instead of the default STRICT,closeAsyncHttpClient#1416
Motivation: Some users might not be ready to use the STRICT encoder if their server requires invalid cookie values (which is a security issue).
Modification: Introduce a config option to switch from STRICT to LAX encoder.
Result: Easier migration path when using invalid cookies
1 parentf91f40d commit06fc3c1


5 files changed

+32
-4
lines changed


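--- a/client/src/main/java/org/asynchttpclient/AsyncHttpClientConfig.java
+++ b/client/src/main/java/org/asynchttpclient/AsyncHttpClientConfig.java
@@ -193,6 +193,11 @@ public interface AsyncHttpClientConfig {
 */
 booleanisDisableUrlEncodingForBoundRequests();
 
+/**
+* @return true if AHC is to use a LAX cookie encoder, eg accept illegal chars in cookie value
+*/
+booleanisUseLaxCookieEncoder();
+
 /**
 * In the case of a POST/Redirect/Get scenario where the server uses a 302 for the redirect, should AHC respond to the redirect with a GET or whatever the original method was.
 * Unless configured otherwise, for a 302, AHC, will use a GET for this case.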
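Review bot: The Javadoc on `isUseLaxCookieEncoder()` does not say what is given up when the option is turned on. Netty's LAX encoder skips the RFC 6265 check on cookie names and values and keeps cookies in the order given instead of sorting them by path length, so characters such as `;` or whitespace inside a value reach the `Cookie` header unchanged. I would extend the comment to something like `@return true if AHC uses Netty's LAX cookie encoder, which does not validate cookie names and values; defaults to false (STRICT) and should only be enabled for servers that require non-compliant cookies`. The interface body continues outside the hunk; adding an abstract method here also breaks any third-party implementation of `AsyncHttpClientConfig`, which probably deserves a release note.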

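--- a/client/src/main/java/org/asynchttpclient/DefaultAsyncHttpClientConfig.java
+++ b/client/src/main/java/org/asynchttpclient/DefaultAsyncHttpClientConfig.java
@@ -71,6 +71,7 @@ public class DefaultAsyncHttpClientConfig implements AsyncHttpClientConfig {
 privatefinalRealmrealm;
 privatefinalintmaxRequestRetry;
 privatefinalbooleandisableUrlEncodingForBoundRequests;
+privatefinalbooleanuseLaxCookieEncoder;
 privatefinalbooleandisableZeroCopy;
 privatefinalbooleankeepEncodingHeader;
 privatefinalProxyServerSelectorproxyServerSelector;
@@ -146,6 +147,7 @@ private DefaultAsyncHttpClientConfig(//
 Realmrealm,//
 intmaxRequestRetry,//
 booleandisableUrlEncodingForBoundRequests,//
+booleanuseLaxCookieEncoder,//
 booleandisableZeroCopy,//
 booleankeepEncodingHeader,//
 ProxyServerSelectorproxyServerSelector,//
@@ -222,6 +224,7 @@ private DefaultAsyncHttpClientConfig(//
 this.realm =realm;
 this.maxRequestRetry =maxRequestRetry;
 this.disableUrlEncodingForBoundRequests =disableUrlEncodingForBoundRequests;
+this.useLaxCookieEncoder =useLaxCookieEncoder;
 this.disableZeroCopy =disableZeroCopy;
 this.keepEncodingHeader =keepEncodingHeader;
 this.proxyServerSelector =proxyServerSelector;
@@ -336,6 +339,11 @@ public boolean isDisableUrlEncodingForBoundRequests() {
 returndisableUrlEncodingForBoundRequests;
 }
 
+@Override
+publicbooleanisUseLaxCookieEncoder() {
+returnuseLaxCookieEncoder;
+}
+
 @Override
 publicbooleanisDisableZeroCopy() {
 returndisableZeroCopy;
@@ -627,6 +635,7 @@ public static class Builder {
 privateRealmrealm;
 privateintmaxRequestRetry =defaultMaxRequestRetry();
 privatebooleandisableUrlEncodingForBoundRequests =defaultDisableUrlEncodingForBoundRequests();
+privatebooleanuseLaxCookieEncoder =defaultUseLaxCookieEncoder();
 privatebooleandisableZeroCopy =defaultDisableZeroCopy();
 privatebooleankeepEncodingHeader =defaultKeepEncodingHeader();
 privateProxyServerSelectorproxyServerSelector;
@@ -817,6 +826,11 @@ public Builder setDisableUrlEncodingForBoundRequests(boolean disableUrlEncodingF
 returnthis;
 }
 
+publicBuildersetUseLaxCookieEncoder(booleanuseLaxCookieEncoder) {
+this.useLaxCookieEncoder =useLaxCookieEncoder;
+returnthis;
+}
+
 publicBuildersetDisableZeroCopy(booleandisableZeroCopy) {
 this.disableZeroCopy =disableZeroCopy;
 returnthis;
@@ -1147,6 +1161,7 @@ public DefaultAsyncHttpClientConfig build() {
 realm,//
 maxRequestRetry,//
 disableUrlEncodingForBoundRequests,//
+useLaxCookieEncoder,//
 disableZeroCopy,//
 keepEncodingHeader,//
 resolveProxyServerSelector(),//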
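Review bot: None of the hunks in this file touches a `Builder` constructor that copies from an existing `AsyncHttpClientConfig`; if the class has one (it is not visible here), it needs `useLaxCookieEncoder = config.isUseLaxCookieEncoder();`, otherwise a config rebuilt from another one silently falls back to the default encoder. The new argument also sits in a run of adjacent `boolean` parameters of the private constructor, where a transposition compiles cleanly. In the hunks shown the order in `build()` matches the parameter list, and a test that calls only `setUseLaxCookieEncoder(true)` and reads back `isUseLaxCookieEncoder()` would pin it. `setUseLaxCookieEncoder` has no Javadoc; a line such as `/** Use Netty's LAX cookie encoder, which does not validate cookie names and values. Defaults to false (STRICT). */` would put the warning where users make the call.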

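--- a/client/src/main/java/org/asynchttpclient/config/AsyncHttpClientConfigDefaults.java
+++ b/client/src/main/java/org/asynchttpclient/config/AsyncHttpClientConfigDefaults.java
@@ -111,6 +111,10 @@ public static boolean defaultDisableUrlEncodingForBoundRequests() {
 returnAsyncHttpClientConfigHelper.getAsyncHttpClientConfig().getBoolean(ASYNC_CLIENT_CONFIG_ROOT +"disableUrlEncodingForBoundRequests");
 }
 
+publicstaticbooleandefaultUseLaxCookieEncoder() {
+returnAsyncHttpClientConfigHelper.getAsyncHttpClientConfig().getBoolean(ASYNC_CLIENT_CONFIG_ROOT +"useLaxCookieEncoder");
+}
+
 publicstaticbooleandefaultUseOpenSsl() {
 returnAsyncHttpClientConfigHelper.getAsyncHttpClientConfig().getBoolean(ASYNC_CLIENT_CONFIG_ROOT +"useOpenSsl");
 }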

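--- a/client/src/main/java/org/asynchttpclient/netty/request/NettyRequestFactory.java
+++ b/client/src/main/java/org/asynchttpclient/netty/request/NettyRequestFactory.java
@@ -57,9 +57,11 @@ public final class NettyRequestFactory {
 publicstaticfinalStringGZIP_DEFLATE =HttpHeaderValues.GZIP +"," +HttpHeaderValues.DEFLATE;
 
 privatefinalAsyncHttpClientConfigconfig;
+privatefinalClientCookieEncodercookieEncoder;
 
 publicNettyRequestFactory(AsyncHttpClientConfigconfig) {
 this.config =config;
+cookieEncoder =config.isUseLaxCookieEncoder() ?ClientCookieEncoder.LAX :ClientCookieEncoder.STRICT;
 }
 
 privateNettyBodybody(Requestrequest,booleanconnect) {
@@ -107,7 +109,7 @@ private NettyBody body(Request request, boolean connect) {
 nettyBody =newNettyInputStreamBody(inStreamGenerator.getInputStream(),inStreamGenerator.getContentLength());
 
 }elseif (request.getBodyGenerator()instanceofReactiveStreamsBodyGenerator) {
-ReactiveStreamsBodyGeneratorreactiveStreamsBodyGenerator = (ReactiveStreamsBodyGenerator)request.getBodyGenerator();
+ReactiveStreamsBodyGeneratorreactiveStreamsBodyGenerator = (ReactiveStreamsBodyGenerator)request.getBodyGenerator();
 nettyBody =newNettyReactiveStreamsBody(reactiveStreamsBodyGenerator.getPublisher(),reactiveStreamsBodyGenerator.getContentLength());
 
 }elseif (request.getBodyGenerator() !=null) {
@@ -167,16 +169,17 @@ public NettyRequest newNettyRequest(Request request, boolean forceConnect, Proxy
 // assign headers as configured on request
 headers.set(request.getHeaders());
 
-if (isNonEmpty(request.getCookies()))
-headers.set(COOKIE,ClientCookieEncoder.STRICT.encode(request.getCookies()));
+if (isNonEmpty(request.getCookies())) {
+headers.set(COOKIE,cookieEncoder.encode(request.getCookies()));
+}
 
 StringuserDefinedAcceptEncoding =headers.get(ACCEPT_ENCODING);
 if (userDefinedAcceptEncoding !=null) {
 // we don't support Brotly ATM
 if (userDefinedAcceptEncoding.endsWith(BROTLY_ACCEPT_ENCODING_SUFFIX)) {
 headers.set(ACCEPT_ENCODING,userDefinedAcceptEncoding.subSequence(0,userDefinedAcceptEncoding.length() -BROTLY_ACCEPT_ENCODING_SUFFIX.length()));
 }
-
+
 }elseif (config.isCompressionEnforced()) {
 headers.set(ACCEPT_ENCODING,GZIP_DEFLATE);
 }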
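Review bot: The encoder is chosen once in the constructor, so `useLaxCookieEncoder` relaxes cookie validation for every request this factory builds, not only for the one server that needs it. With LAX selected, the values from `request.getCookies()` are written to the `Cookie` header in `newNettyRequest` without the name/value check that `ClientCookieEncoder.STRICT` applied, so a caller that builds cookies from external input has to validate them itself. I would state that at the field, e.g. `// LAX skips cookie name/value validation for all requests built by this factory; STRICT is the default`, and consider logging once at construction when LAX is selected. The assignment also drops the `this.` used on the line above it; `this.cookieEncoder = ...` would match. Both `newNettyRequest` and `body` continue outside the hunks shown.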

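--- a/client/src/main/resources/ahc-default.properties
+++ b/client/src/main/resources/ahc-default.properties
@@ -21,6 +21,7 @@ org.asynchttpclient.strict302Handling=false
 org.asynchttpclient.keepAlive=true
 org.asynchttpclient.maxRequestRetry=5
 org.asynchttpclient.disableUrlEncodingForBoundRequests=false
+org.asynchttpclient.useLaxCookieEncoder=false
 org.asynchttpclient.removeQueryParamOnRedirect=true
 org.asynchttpclient.useOpenSsl=false
 org.asynchttpclient.useInsecureTrustManager=false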
