[jboss-jira] [JBoss JIRA] (WFWIP-270) Configured headers can override headers added by the corresponding endpoint
Darran Lofthouse (Jira)
issues at jboss.org
Tue Nov 19 15:16:00 EST 2019
[ https://issues.jboss.org/browse/WFWIP-270?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13815120#comment-13815120 ]
Darran Lofthouse commented on WFWIP-270:
----------------------------------------
TBH no I don't believe it is an important use case, however as I have mentioned it in the analysis testing has been performed.
The primary use case for this RFE is to set headers we don't presently set at all.
In the analysis and community docs I think I will add that call out to say the override is not guaranteed / unspecified - when I added the line in the analysis I was more trying to cover the scenario that we can not prevent the endpoint overriding the header rather than offering a guarantee.
The only two headers for now that are confirmed problematic are "Connection" and "Date" so I will just restrict those.
> Configured headers can override headers added by the corresponding endpoint
> ---------------------------------------------------------------------------
>
> Key: WFWIP-270
> URL: https://issues.jboss.org/browse/WFWIP-270
> Project: WildFly WIP
> Issue Type: Bug
> Components: Security
> Reporter: Tomas Terem
> Assignee: Darran Lofthouse
> Priority: Blocker
> Labels: management
>
> [Analysis document|https://github.com/wildfly/wildfly-proposals/pull/263] says that
> 'Configured headers will not override any headers added by the corresponding endpoint.'
> However, I was able to override Connection and Date headers on /management endpoint.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the jboss-jira
mailing list