Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-15326

A request parameter is included as a response header for OPTIONS method(preflight request) reply

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not a Bug
    • Icon: Major Major
    • fuse-7.9-GA
    • fuse-7.7-GA
    • Camel
    • None
    • False
    • False
    • Undefined
    • Fuse Standalone
    • Hide

      1: on terminal

      $ mvn clean spring-boot:run

      2: on another terminal

      curl -v --location --request OPTIONS 'http://localhost:8080/reproducer/example?id=%E3%80%80'

      expected result:

      • Response header does not contain "id"

      actual result:

      • Response header does contain "id"
      • If a chrome browser sends OPTIONS method, ERR_INVALID_HTTP_RESPONSE error will occurs due to it's "Id" header value.
      Show
      1: on terminal $ mvn clean spring-boot:run 2: on another terminal curl -v --location --request OPTIONS 'http://localhost:8080/reproducer/example?id=%E3%80%80' expected result: Response header does not contain "id" actual result: Response header does contain "id" If a chrome browser sends OPTIONS method, ERR_INVALID_HTTP_RESPONSE error will occurs due to it's "Id" header value.

      This is an issue related with the "enableCORS" option comes with the "restCofiguration".

      Let's say user send an "OPTIONS" request(preflight request) with a request parameter, "id":

      curl -v --location --request OPTIONS 'http://localhost:8080/reproducer/example?id=bob'

      Camel will store this request parameter in Exchange.header.

      The problem is a response for this OPTIONS request.  It contains the request option, "id",  as a response header.
      This behavior will bring ERR_INVALID_HTTP_RESPONSE error on some browser.

      For example, if Japanese character(whitespace) is passed on chrome browser, the ERROR occurs on the browser. 

      In an OPTION request reply, please do not contain request parameter as a response header.

        1. reproducer.tar.gz
          5 kB

              ldemasi Luigi De Masi
              rhn-support-hfuruich Hisao Furuichi
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: