Merge pull request #214 from thc202/reduce-request-changes

Reduce changes to HTTP request header
zaproxy · Mar 13, 2020 · c01711b · c01711b
2 parents df71798 + 81946b1
commit c01711b
Show file tree

Hide file tree

Showing 3 changed files with 83 additions and 6 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,7 +5,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
-
+### Changed
+- Reduce the changes done to HTTP request header to the essential (e.g. authentication, HTTP state). [#214](https://github.com/mozilla/zest/pull/214)
 
 ## [0.14.2] - 2020-01-24
 ### Fixed

diff --git a/src/main/java/org/mozilla/zest/impl/ComponentsHttpClient.java b/src/main/java/org/mozilla/zest/impl/ComponentsHttpClient.java
@@ -27,15 +27,23 @@
 import org.apache.http.client.methods.HttpRequestBase;
 import org.apache.http.client.methods.HttpTrace;
 import org.apache.http.client.protocol.HttpClientContext;
+import org.apache.http.client.protocol.RequestAddCookies;
+import org.apache.http.client.protocol.RequestAuthCache;
+import org.apache.http.client.protocol.RequestExpectContinue;
+import org.apache.http.client.protocol.ResponseProcessCookies;
 import org.apache.http.conn.ssl.NoopHostnameVerifier;
 import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
 import org.apache.http.conn.ssl.TrustAllStrategy;
+import org.apache.http.entity.ContentType;
 import org.apache.http.entity.StringEntity;
 import org.apache.http.impl.client.BasicCookieStore;
 import org.apache.http.impl.client.BasicCredentialsProvider;
 import org.apache.http.impl.client.HttpClientBuilder;
 import org.apache.http.impl.client.LaxRedirectStrategy;
 import org.apache.http.impl.cookie.BasicClientCookie;
+import org.apache.http.protocol.HttpProcessorBuilder;
+import org.apache.http.protocol.RequestContent;
+import org.apache.http.protocol.RequestTargetHost;
 import org.apache.http.ssl.SSLContexts;
 import org.apache.http.util.EntityUtils;
 import org.mozilla.zest.core.v1.ZestAuthentication;
@@ -83,6 +91,16 @@ class ComponentsHttpClient implements ZestHttpClient {
     private static HttpClient getHttpClient(boolean skipSSLCertificateCheck) {
         HttpClientBuilder httpClientBuilder = HttpClientBuilder.create();
         httpClientBuilder.setRedirectStrategy(new LaxRedirectStrategy());
+        httpClientBuilder.setHttpProcessor(
+                HttpProcessorBuilder.create()
+                        .addAll(
+                                new RequestContent(),
+                                new RequestTargetHost(),
+                                new RequestExpectContinue(),
+                                new RequestAddCookies(),
+                                new RequestAuthCache())
+                        .add(new ResponseProcessCookies())
+                        .build());
 
         if (skipSSLCertificateCheck) {
             SSLContext sslContext;
@@ -187,7 +205,7 @@ public ZestResponse send(ZestRequest req) throws IOException {
         }
 
         if (method instanceof HttpEntityEnclosingRequestBase) {
-            HttpEntity requestBody = new StringEntity(req.getData());
+            HttpEntity requestBody = new StringEntity(req.getData(), (ContentType) null);
             HttpEntityEnclosingRequestBase methodWithEntity =
                     (HttpEntityEnclosingRequestBase) method;
             methodWithEntity.setEntity(requestBody);

diff --git a/src/test/java/org/mozilla/zest/test/v1/ZestBasicRunnerUnitTest.java b/src/test/java/org/mozilla/zest/test/v1/ZestBasicRunnerUnitTest.java
@@ -89,10 +89,7 @@ public void shouldSendAndReceiveHttpMessage() throws Exception {
         assertThat(request.getTimestamp()).isCloseTo(System.currentTimeMillis(), byLessThan(2000L));
         assertThat(request.getMethod()).isEqualTo(method);
         assertThat(request.getUrl()).isEqualTo(url);
-        // The HTTP client adds some headers to the ZestRequest.
-        String expectedHeaders =
-                headers + "Connection: Keep-Alive\r\nAccept-Encoding: gzip,deflate\r\n";
-        assertThat(request.getHeaders()).isEqualTo(expectedHeaders);
+        assertThat(request.getHeaders()).isEqualTo(headers);
         assertThat(request.getData()).isEqualTo(data);
 
         ZestResponse response = runner.getLastResponse();
@@ -109,6 +106,67 @@ public void shouldSendAndReceiveHttpMessage() throws Exception {
         assertThat(response.getBody()).isEqualTo("This is the response");
     }
 
+    @Test
+    public void shouldSendRequestWithoutGeneratedUserAgentHeader() throws Exception {
+        // Given
+        ZestScript script = new ZestScript();
+        ZestRequest request = new ZestRequest();
+        request.setMethod("GET");
+        request.setUrl(new URL(getServerUrl(PATH_SERVER_FILE)));
+        script.add(request);
+        ZestBasicRunner runner = new ZestBasicRunner();
+        // When
+        runner.run(script, new HashMap<String, String>());
+        // Then
+        assertThat(runner.getLastRequest().getHeaders()).doesNotContain("User-Agent");
+    }
+
+    @Test
+    public void shouldSendRequestWithoutGeneratedContentTypeHeader() throws Exception {
+        // Given
+        ZestScript script = new ZestScript();
+        ZestRequest request = new ZestRequest();
+        request.setMethod("POST");
+        request.setUrl(new URL(getServerUrl(PATH_SERVER_FILE)));
+        request.setData("Content Request Body");
+        script.add(request);
+        ZestBasicRunner runner = new ZestBasicRunner();
+        // When
+        runner.run(script, new HashMap<String, String>());
+        // Then
+        assertThat(runner.getLastRequest().getHeaders()).doesNotContain("Content-Type");
+    }
+
+    @Test
+    public void shouldSendRequestWithoutGeneratedAcceptEncodingHeader() throws Exception {
+        // Given
+        ZestScript script = new ZestScript();
+        ZestRequest request = new ZestRequest();
+        request.setMethod("GET");
+        request.setUrl(new URL(getServerUrl(PATH_SERVER_FILE)));
+        script.add(request);
+        ZestBasicRunner runner = new ZestBasicRunner();
+        // When
+        runner.run(script, new HashMap<String, String>());
+        // Then
+        assertThat(runner.getLastRequest().getHeaders()).doesNotContain("Accept-Encoding");
+    }
+
+    @Test
+    public void shouldSendRequestWithoutGeneratedConnectionHeader() throws Exception {
+        // Given
+        ZestScript script = new ZestScript();
+        ZestRequest request = new ZestRequest();
+        request.setMethod("GET");
+        request.setUrl(new URL(getServerUrl(PATH_SERVER_FILE)));
+        script.add(request);
+        ZestBasicRunner runner = new ZestBasicRunner();
+        // When
+        runner.run(script, new HashMap<String, String>());
+        // Then
+        assertThat(runner.getLastRequest().getHeaders()).doesNotContain("Connection");
+    }
+
     @Test
     public void shouldSendPutRequestWithBody() throws Exception {
         // Given