Though providing request bodies on these HTTP methods is uncommon, it is not disallowed by the spec, and is used in certain Elasticsearch/OpenSearch APIs. Authenticating with Amazon OpenSearch Service can be done via SigV4 and we re-use the SDK's signing logic to provide that in https://github.com/opensearch-project/opensearch-java.
We've received multiple bug reports of users having trouble making certain requests using the ApacheHttpClient (https://github.com/opensearch-project/opensearch-java/issues/712, https://github.com/opensearch-project/opensearch-java/issues/521), where the client itself doesn't complain or error but silently drops the request body resulting in a mismatched signature on the server.
The Netty & CRT Sdk(Async)HttpClient implementations correctly send the request body for all methods, URL Connection does as well with the exception of GET which is hardcoded to swap to POST (and doesn't support PATCH at all).
As such I think it is not harmful to bring the Apache implementation in line with the other client implementations.
Modifications
Generalize the Apache HTTP request factory implementation to attach the request body entity on all HTTP methods.
This matches the original implementations of the separate method classes:
[x] My code follows the code style of this project
[ ] My change requires a change to the Javadoc documentation
[ ] I have updated the Javadoc documentation accordingly
[x] I have added tests to cover my changes
[ ] All new and existing tests passed
[x] I have added a changelog entry. Adding a new entry must be accomplished by running the scripts/new-change script and following the instructions. Commit the new file created by the script in .changes/next-release with your changes.
[ ] My change is to implement 1.11 parity feature and I have updated LaunchChangelog
License
[x] I confirm that this pull request can be released under the Apache 2 license
Motivation and Context
Though providing request bodies on these HTTP methods is uncommon, it is not disallowed by the spec, and is used in certain Elasticsearch/OpenSearch APIs. Authenticating with Amazon OpenSearch Service can be done via SigV4 and we re-use the SDK's signing logic to provide that in https://github.com/opensearch-project/opensearch-java. We've received multiple bug reports of users having trouble making certain requests using the
ApacheHttpClient(https://github.com/opensearch-project/opensearch-java/issues/712, https://github.com/opensearch-project/opensearch-java/issues/521), where the client itself doesn't complain or error but silently drops the request body resulting in a mismatched signature on the server. The Netty & CRTSdk(Async)HttpClientimplementations correctly send the request body for all methods, URL Connection does as well with the exception ofGETwhich is hardcoded to swap toPOST(and doesn't supportPATCHat all). As such I think it is not harmful to bring the Apache implementation in line with the other client implementations.Modifications
Generalize the Apache HTTP request factory implementation to attach the request body entity on all HTTP methods. This matches the original implementations of the separate method classes:
Testing
Added unit tests
Screenshots (if appropriate)
Types of changes
Checklist
mvn installsucceedsscripts/new-changescript and following the instructions. Commit the new file created by the script in.changes/next-releasewith your changes.License