Skip to content

HTTPCLIENT-2372 - Normalize HttpHost port comparison to treat implicit default ports as equal #643

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
arturobernalg merged 1 commit into from
Jun 5, 2025
Merged

HTTPCLIENT-2372 - Normalize HttpHost port comparison to treat implicit default ports as equal #643

arturobernalg merged 1 commit into from
Jun 5, 2025

Conversation

@arturobernalg
Copy link
Member

@arturobernalg arturobernalg commented Jun 4, 2025

This change ensures that hosts with implicit default ports (e.g., http://example.com) are treated the same as those explicitly specifying port 80 or 443. It introduces a helper method to derive the “effective” port and updates the authority check to use this normalized value. As a result, sensitive headers are no longer stripped when redirecting between example.com and example.com:80 (or :443 for HTTPS).

@arturobernalg arturobernalg requested a review from ok2c June 4, 2025 19:05
ok2c
ok2c requested changes Jun 5, 2025
View reviewed changes
httpclient5/src/main/java/org/apache/hc/client5/http/impl/DefaultRedirectStrategy.java Outdated
return port1 == port2;
}

private int getEffectivePort(final HttpHost endpoint) {
Copy link
Member

@ok2c ok2c Jun 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@arturobernalg Please use SchemePortResolver to resolve the port of a protocol scheme. Please also use the one created by the builder. See HttpClientBuilder

Copy link
Member Author

@arturobernalg arturobernalg Jun 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ok2c please do another pass

@arturobernalg arturobernalg force-pushed the HTTPCLIENT-2372 branch 2 times, most recently from 9867b91 to c89277e Compare June 5, 2025 10:28
@arturobernalg arturobernalg requested a review from ok2c June 5, 2025 10:54
@arturobernalg arturobernalg merged commit 5cef6ed into apache:master Jun 5, 2025
10 checks passed
ok2c pushed a commit that referenced this pull request Jun 6, 2025
@arturobernalg @ok2c
HTTPCLIENT-2372 - Normalize HttpHost port comparison to treat implici…
9ed51fb 
…t default ports as equal (#643)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ok2c ok2c ok2c approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@arturobernalg @ok2c