Java – resttemplate does not pass the origin header

Java

I'm trying to use spring's resttemplate for cross - source requests Communication is done between two spring boot webapps, both running on localhost but on different ports What I did was:

HttpHeaders httpHeaders = new HttpHeaders();
httpHeaders.setOrigin("http://localhost:8083");
httpHeaders.add("Authorization",token);

httpentity<Void> httpentity = new httpentity<>(httpHeaders);

ParameterizedTypeReference<List<MyObj>> beanType = new ParameterizedTypeReference<List<MyObj>>() {};
ResponseEntity<List<MyObj>> list = restTemplate.exchange(serviceURL,HttpMethod.GET,httpentity,beanType);

Executing the call, the "authorization" title is passed well, but no matter what I try, the receiver has no "origin" title When I create a similar request using other tools (soapUI, restclient chrome plug-in, etc.), the title is passed as I provided

To print all headers on the receiving side, I'm using javax servlet. Implementation of filter:

public void doFilter(ServletRequest req,ServletResponse res,FilterChain chain)
        throws IOException,ServletException {
    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;
    Enumeration<String> headerNames = request.getHeaderNames();
    while (headerNames.hasMoreElements()) {
        String headerName = headerNames.nextElement();
        log.info(headerName + ": " + request.getHeader(headerName));
    }
}

Why not pass the origin header when using resttemplate?

Solution

It took me a century to fix the same problem

The root cause is this line from the resttemplate document

If you check the source code of the httpurlconnection class in Java, you will find it in the following code block, and the header origin is one of the restricted headers that cannot be changed:

/*
 * Restrict setting of request headers through the public api
 * consistent with JavaScript XMLHttpRequest2 with a few
 * exceptions. Disallowed headers are silently ignored for
 * backwards compatibility reasons rather than throwing a
 * SecurityException. For example,some applets set the
 * Host header since old JREs did not implement HTTP 1.1.
 * Additionally,any header starting with Sec- is
 * disallowed.
 *
 * The following headers are allowed for historical reasons:
 *
 * Accept-Charset,Accept-Encoding,Cookie,Cookie2,Date,* Referer,TE,User-Agent,headers beginning with Proxy-.
 *
 * The following headers are allowed in a limited form:
 *
 * Connection: close
 *
 * See http://www.w3.org/TR/XMLHttpRequest2.
 */
 private static final boolean allowRestrictedHeaders;
 private static final Set<String> restrictedHeaderSet;
 private static final String[] restrictedHeaders = {
    /* Restricted by XMLHttpRequest2 */
    //"Accept-Charset",//"Accept-Encoding","Access-Control-Request-Headers","Access-Control-Request-Method","Connection",/* close is allowed */
    "Content-Length",//"Cookie",//"Cookie2","Content-@R_777_301@",//"Date",//"Expect","Host","Keep-Alive","Origin",// "Referer",// "TE","Trailer","@R_777_301@","Upgrade",//"User-Agent","Via"
};

This problem can be easily solved by setting JVM parameters

-Dsun.net.http.allowRestrictedHeaders=true

Or add a line to the code

System.setProperty("sun.net.http.allowRestrictedHeaders","true");

This suppresses restrictions

The content of this article comes from the network collection of netizens. It is used as a learning reference. The copyright belongs to the original author.
THE END
分享
二维码
< <上一篇
下一篇>>