mashupbots / socko

A Scala web server powered by Netty networking and AKKA processing.

Headers with the same name are incorrectly overwritten and are not written at all on redirect #116

Open ccankov opened 6 years ago

ccankov commented 6 years ago

When HttpResponseMessage.write is invoked, headers with duplicate names will always be overwritten due to the current implementation of that method:

    HttpResponseMessage.setDateHeader(response)
    headers.foreach { h => response.headers.set(h.name, h.value) }

The current Netty documentation indicates that HttpHeaders.set will have this behavior:

    public HttpHeaders set(java.lang.CharSequence name, java.lang.Object value)

Sets a header with the specified name and value. If there is an existing header with the same name, it is removed. If the specified value is not a String, it is converted into a String by Object.toString(), except for Date and Calendar, which are formatted to the date format defined in RFC2616.

This is true regardless of whether the headers were added using Socko's own HttpHeaders.put or HttpHeaders.append. The impact of this is that it is impossible to set multiple cookies with a single response, as one example.


In the case of redirects, the implementation of HttpResponseMessage.redirect does not write specified headers to the response, but instead defaults to only setting the date, location, keepalive, and content_length headers. This requires developers to implement their own redirect functionality in instances where it is necessary to include additional headers on a redirect response.
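
The overwrite described in this issue can be reproduced directly against Netty's `DefaultHttpHeaders`, which also gives a regression check for the lost `Set-Cookie` case. This is an added example, not code from the issue or from Socko; it assumes Netty 4.x on the classpath, and the object name, helper names and header values are constructed for illustration.

```scala
import io.netty.handler.codec.http.{DefaultHttpHeaders, HttpHeaders}
import scala.collection.JavaConverters._

// Hypothetical demo object; not part of Socko.
object HeaderWriteDemo {

  // Constructed sample: two cookies plus one single-valued header.
  val pending: Seq[(String, String)] = Seq(
    "Set-Cookie"    -> "session=abc123; HttpOnly; Secure",
    "Set-Cookie"    -> "csrf=def456; Secure",
    "Cache-Control" -> "no-store"
  )

  // Same loop shape as the snippet quoted in the issue:
  // set() removes any existing header with the same name first.
  def writeWithSet(hs: Seq[(String, String)]): HttpHeaders = {
    val out = new DefaultHttpHeaders()
    hs.foreach { case (name, value) => out.set(name, value) }
    out
  }

  // add() appends a new header line and keeps earlier values.
  def writeWithAdd(hs: Seq[(String, String)]): HttpHeaders = {
    val out = new DefaultHttpHeaders()
    hs.foreach { case (name, value) => out.add(name, value) }
    out
  }

  def main(args: Array[String]): Unit = {
    val expected = pending.count(_._1 == "Set-Cookie")
    val viaSet = writeWithSet(pending).getAll("Set-Cookie").asScala
    val viaAdd = writeWithAdd(pending).getAll("Set-Cookie").asScala

    println(s"set(): ${viaSet.size} of $expected Set-Cookie headers kept: $viaSet")
    println(s"add(): ${viaAdd.size} of $expected Set-Cookie headers kept: $viaAdd")

    // Regression check: every cookie handed to the writer must reach the response.
    require(viaAdd.size == expected, "Set-Cookie headers were dropped on write")
  }
}
```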