You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
When request wrapped by StrictServerWebExchangeFirewall / StrictFirewallHttpRequest is mutated, header sanitization provided by StrictFirewallHttpHeaders is removed
This is due to fact that
HttpHeaders#writabeHttpHeaders implementation is weird, instead of retrieval and copying of header values, it unwraps inner-most multivalue map and uses it in new (mutable) HttpHeaders instance
mutated request uses these new HttpHeaders and does not invoke http headers from delegate
Expected behavior
Mutated request should be protected by StrictFirewallHttpHeaders sanitization.
The text was updated successfully, but these errors were encountered:
Describe the bug
When request wrapped by StrictServerWebExchangeFirewall / StrictFirewallHttpRequest is mutated, header sanitization provided by StrictFirewallHttpHeaders is removed
This is due to fact that
Expected behavior
Mutated request should be protected by StrictFirewallHttpHeaders sanitization.
The text was updated successfully, but these errors were encountered: