okhttp
okhttp copied to clipboard
Test to confirm that header names are not trimmed
This caused the Go folks some grief. It doesn’t impact us as much (clients control which servers they contact), but it’s good to be careful.
https://groups.google.com/forum/m/#!topic/golang-announce/cszieYyuL9Q
Seems awkward
https://github.com/1184893257/okhttp/blob/master/okhttp-tests/src/test/java/com/squareup/okhttp/internal/http/HeadersTest.java#L136
@Test public void ofTrims() {
Headers headers = Headers.of("\t User-Agent \n", " \r OkHttp ");
assertEquals("User-Agent", headers.name(0));
assertEquals("OkHttp", headers.value(0));
}
https://github.com/1184893257/okhttp/blob/master/okhttp-tests/src/test/java/com/squareup/okhttp/internal/http/HeadersTest.java#L262
@Test public void ofMapTrimsKey() {
Headers headers = Headers.of(singletonMap(" User-Agent ", "OkHttp"));
assertThat(headers.name(0)).isEqualTo("User-Agent");
}
@swankjesse Are you happy that we change the behaviour and tests here? Fix is simple if so, and we just publicise it in our release.
Unclear what action we should take. Note that there’s another potential attack on response headers.