search

microsoft / BCApps

Repository for collaboration on Microsoft Dynamics 365 Business Central applications.
https://microsoft.github.io/BCApps/
MIT License
328 stars 171 forks source link

[Bug]: HttpContent.SetHeader failing when secret header already exists #1479

Open vody opened 5 months ago

vody commented 5 months ago

Describe the issue

The "Http Content" codeunit throws an error message when content is defined from SecretText. 

Error message: 
Cannot add value because the header 'Content-Type' does not support multiple values.

AL call stack: 
"Http Content Impl."(CodeUnit 2355).SetHeader line 12 - System Application by Microsoft
"Http Content Impl."(CodeUnit 2355).SetContentTypeHeader line 4 - System Application by Microsoft
"Http Content Impl."(CodeUnit 2355).SetContent line 6 - System Application by Microsoft
"Http Content"(CodeUnit 2354).SetContent line 2 - System Application by Microsoft
"Http Content"(CodeUnit 2354).Create line 2 - System Application by Microsoft\"Http Content"(CodeUnit 2354).Create line 2 - System Application by Microsoft

This happens because inside "Http Content Impl.".SetHeader procedure Headers.Contains(Name) condition will return false for a secret header, which will be automatically created when we set a content from the SecretText value.

Expected behavior

Content will be defined with a new header without error.

Steps to reproduce

codeunit 50000 SetHeader
{
    trigger OnRun()
    var
        HttpContent: Codeunit "Http Content";
    begin
        HttpContent.Create(SecretStrSubstNo('anything'));
    end;
}

Additional context

No response

I will provide a fix for a bug

JesperSchulz commented 2 months ago

@ajkauffmann has agreed to include this in a pull request he is working on anyway 🥳 I cannot assign it to him (seems I can only assign to people who have been active on the issue), but consider it assigned 😉

ajkauffmann commented 2 months ago

I'm active now. 😊 Yes, happy to take this one!

JesperSchulz commented 2 months ago

And now I could assign you 🥳

vody commented 2 months ago

@ajkauffmann thank you for picking this one. We tried to use it internally to promote open-source contribution within an organization but it was pushed down in priority.

tuschacht commented 1 month ago

Is this issue fixed, because i have the same issue when i try to use a secretbody with Application/JSON as content-type.

If requesting support, please provide the following details to help troubleshooting:

Error message: Cannot add value because header 'Content-Type' does not support multiple values.

Internal session ID: 501f404a-de0f-4dcf-aba3-6e58cd54fd3b

Application Insights session ID: 04d49ecd-dce5-4254-8280-4c7cfb6f8f21

Client activity id: dcade827-4d0e-4725-8da6-d7b7f983ade0

Time stamp on error: 2024-10-25T08:02:59.2329934Z

User telemetry id: 8359f88c-83b9-4270-bc5a-b420f5a31509

AL call stack: "Http Content Impl."(CodeUnit 2355).SetHeader line 12 - System Application by Microsoft "Http Content Impl."(CodeUnit 2355).SetContentTypeHeader line 4 - System Application by Microsoft "Http Content Impl."(CodeUnit 2355).SetContent line 6 - System Application by Microsoft "Http Content"(CodeUnit 2354).SetContent line 2 - System Application by Microsoft "Http Content"(CodeUnit 2354).Create line 2 - System Application by Microsoft

ajkauffmann commented 1 month ago

Yes, a PR will be created next week!

tuschacht commented 1 month ago

Thank you for the Solution, this is just a major issue because i have a Customer who needs this solution ASAP and security is key.

ajkauffmann commented 1 month ago

You can always use a workaround by creating a HttpContent object with the correct and use it with HttpContent.Create(HttpContent). Then you don't have to wait for the PR to be approved and backported to v25.