Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix ApacheHttpClient's handling of request bodies on DELETE, GET, HEAD & OPTIONS requests #5743

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

Xtansia
Copy link
Contributor

@Xtansia Xtansia commented Dec 6, 2024

This is a rework of #5704 that was reverted.

Have modified logic to only use the entity enclosing request type on DELETE, GET, HEAD & OPTIONS when a content stream provider is present, ensuring the previous behavior of no Content-Length header being sent is retained.

Summary copied from previous PR:

Motivation and Context

Though providing request bodies on these HTTP methods is uncommon, it is not disallowed by the spec, and is used in certain Elasticsearch/OpenSearch APIs. Authenticating with Amazon OpenSearch Service can be done via SigV4 and we re-use the SDK's signing logic to provide that in https://github.com/opensearch-project/opensearch-java.
We've received multiple bug reports of users having trouble making certain requests using the ApacheHttpClient (opensearch-project/opensearch-java#712, opensearch-project/opensearch-java#521), where the client itself doesn't complain or error but silently drops the request body resulting in a mismatched signature on the server.
The Netty & CRT Sdk(Async)HttpClient implementations correctly send the request body for all methods, URL Connection does as well with the exception of GET which is hardcoded to swap to POST (and doesn't support PATCH at all).
As such I think it is not harmful to bring the Apache implementation in line with the other client implementations.

Modifications

Generalize the Apache HTTP request factory implementation to attach the request body entity on all HTTP methods.
This matches the original implementations of the separate method classes:

Testing

Added unit tests

Screenshots (if appropriate)

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)

Checklist

  • I have read the CONTRIBUTING document
  • Local run of mvn install succeeds
  • My code follows the code style of this project
  • My change requires a change to the Javadoc documentation
  • I have updated the Javadoc documentation accordingly
  • I have added tests to cover my changes
  • All new and existing tests passed
  • I have added a changelog entry. Adding a new entry must be accomplished by running the scripts/new-change script and following the instructions. Commit the new file created by the script in .changes/next-release with your changes.
  • My change is to implement 1.11 parity feature and I have updated LaunchChangelog

License

  • I confirm that this pull request can be released under the Apache 2 license

@Xtansia Xtansia requested a review from a team as a code owner December 6, 2024 02:36
@Xtansia Xtansia force-pushed the fix/apache-always-pass-request-body branch from c4280c9 to f3542a6 Compare December 6, 2024 02:40
…D & OPTIONS requests (aws#5704)

* Add tests

* Fix ApacheHttpClient's handling of request bodies on DELETE, GET, HEAD & OPTIONS requests

* Fix style

* Handle HttpURLConnection switching GET->POST and not supporting PATCH

* Update protocol test

(cherry picked from commit b2fcb7e)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant