有没有办法使用 HttpClient 在 MICRONAUT 中将 CookieDecoder 设置为 LAX?

Is there a way to set the CookieDecoder to LAX in MICRONAUT using HttpClient?

我正在使用 Micronaut 2.5.3

当我在响应中收到 header 之类的 Set-Cookie: cookie_name=cookie value; expires=Mon, 17-May-2021 09:32:59 GMT; path=/; secure; HttpOnly; samesite=none 且值中包含空格时,控制台会显示警告并以来自 NettyCookies 的 NullPointerException 结束,因为它在 STRICT 模式下解码并失败.

WARN  io.netty.channel.DefaultChannelPipeline - An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
java.lang.NullPointerException: null
    at io.micronaut.http.netty.cookies.NettyCookies.<init>(NettyCookies.java:78)
    at io.micronaut.http.client.netty.FullNettyClientHttpResponse.<init>(FullNettyClientHttpResponse.java:99)
    at io.micronaut.http.client.netty.DefaultHttpClient.channelReadInstrumented(DefaultHttpClient.java:2204)

最后显示 ReadTimeoutException

io.micronaut.http.client.exceptions.ReadTimeoutException: Read Timeout

    at io.micronaut.http.client.exceptions.ReadTimeoutException.<clinit>(ReadTimeoutException.java:26)
    at io.micronaut.http.client.netty.DefaultHttpClient.lambda$null(DefaultHttpClient.java:1178)
    at io.reactivex.internal.operators.flowable.FlowableOnErrorNext$OnErrorNextSubscriber.onError(FlowableOnErrorNext.java:103)
    at io.micronaut.reactive.rxjava2.RxInstrumentedSubscriber.onError(RxInstrumentedSubscriber.java:66)
    at io.reactivex.internal.operators.flowable.FlowableTimeoutTimed$TimeoutSubscriber.onTimeout(FlowableTimeoutTimed.java:139)
    at io.reactivex.internal.operators.flowable.FlowableTimeoutTimed$TimeoutTask.run(FlowableTimeoutTimed.java:170)
    at io.reactivex.internal.schedulers.ScheduledRunnable.run(ScheduledRunnable.java:66)
    at io.reactivex.internal.schedulers.ScheduledRunnable.call(ScheduledRunnable.java:57)
    at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
    at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
    at java.base/java.lang.Thread.run(Thread.java:834)

如果我们检查 NettyCookies 代码,则会使用 STRICT 解码器,returns io.netty.handler.codec.http.cookie.Cookie nettyCookie = ClientCookieDecoder.STRICT.decode(value); 中的空 Cookie。当 this.cookies.put(nettyCookie.name(), new NettyCookie(nettyCookie)); 运行时,抛出 NullPointerException 因为 nettyCookie 为 null

public NettyCookies(HttpHeaders nettyHeaders, ConversionService conversionService) {
        this.conversionService = conversionService;
        if (nettyHeaders != null) {
            List<String> values = nettyHeaders.getAll(HttpHeaderNames.SET_COOKIE);
            if (values != null && !values.isEmpty()) {
                this.cookies = new LinkedHashMap();
                Iterator var4 = values.iterator();

                while(var4.hasNext()) {
                    String value = (String)var4.next();
                    io.netty.handler.codec.http.cookie.Cookie nettyCookie = ClientCookieDecoder.STRICT.decode(value);
                    this.cookies.put(nettyCookie.name(), new NettyCookie(nettyCookie));
                }
            } else {
                this.cookies = Collections.emptyMap();
            }
        } else {
            this.cookies = Collections.emptyMap();
        }

    }

如果我可以使用 LAX 解码器,就不会发生这种情况

无法更改解码方法,因为如果是 LAX,它就是一个安全漏洞。 NPE 的问题已在 Micronaut 2.5.4

中修复