Details
-
Bug
-
Status: Closed
-
Blocker
-
Resolution: Fixed
-
None
-
None
-
None
Description
When Solr receives a request for a collection not hosted on the current node, HttpSolrCall forwards/proxies that request - but the final response for the client can include duplicate response headers - one header from the remote node that ultimately handled the request, and a second copy of the header added by the current node...
# create a simple 2 node cluster... $ ./bin/solr -e cloud -noprompt # ... $ curl 'http://localhost:8983/solr/admin/collections?action=CREATE&name=solo&numShards=1&nrtReplicas=1' # ... # node 8983 is the node currently hosting the only replica of the 'solo' collection, and responds to requests directly... # $ curl -S -s -D - -o /dev/null http://localhost:8983/solr/solo/select HTTP/1.1 200 OK Content-Security-Policy: default-src 'none'; base-uri 'none'; connect-src 'self'; form-action 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'; worker-src 'self'; X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Content-Type: application/json;charset=utf-8 Content-Length: 169 # node 7574 does not host a replica, and forwards requests for it to 8983 # the response the client gets from 7574 has several security related headers duplicated... # $ curl -S -s -D - -o /dev/null http://localhost:7574/solr/solo/select HTTP/1.1 200 OK Content-Security-Policy: default-src 'none'; base-uri 'none'; connect-src 'self'; form-action 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'; worker-src 'self'; X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Content-Security-Policy: default-src 'none'; base-uri 'none'; connect-src 'self'; form-action 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self'; media-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self'; worker-src 'self'; X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block Content-Type: application/json;charset=utf-8 Content-Length: 197
Attachments
Attachments
Issue Links
- fixes
-
SOLR-14896 jetty "Bad Message 400" / "Illegal character" responses to sporadic requests
- Closed
- is related to
-
SOLR-14897 HttpSolrCall will forward a virtually unlimited number of times until ClusterState ZkWatcher is updated after collection delete
- Closed
-
SOLR-14896 jetty "Bad Message 400" / "Illegal character" responses to sporadic requests
- Closed