[NIFI-6238] Escape HTTP header names in InvokeHTTP processor - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Abandoned
Affects Version/s: 1.9.2
Fix Version/s: None
Component/s: Extensions
Labels:
- InvokeHTTP
- hostname
- http
- security

Description

HTTP headers are not checked/escaped during `InvokeHTTP.setHeaderProperties`. When applying dynamic properties as HTTP headers, invalid headers break the request, for example "Trusted Host".

In lieu of setting the header name directly, the header name should be escaped and then set.

Attachments

Issue Links

relates to

NIFI-6019 Remove Trusted Hostname property from InvokeHTTP processor

Resolved

Activity

People

Assignee:: Troy Melhase

Reporter:: Troy Melhase

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 23/Apr/19 21:34

Updated:: 19/May/23 13:10

Resolved:: 19/May/23 13:10