有没有办法使用 HttpClient 在 MICRONAUT 中将 CookieDecoder 设置为 LAX?
Is there a way to set the CookieDecoder to LAX in MICRONAUT using HttpClient?
我正在使用 Micronaut 2.5.3
当我在响应中收到 header 之类的 Set-Cookie: cookie_name=cookie value; expires=Mon, 17-May-2021 09:32:59 GMT; path=/; secure; HttpOnly; samesite=none 且值中包含空格时,控制台会显示警告并以来自 NettyCookies 的 NullPointerException 结束,因为它在 STRICT 模式下解码并失败.
WARN io.netty.channel.DefaultChannelPipeline - An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
java.lang.NullPointerException: null
at io.micronaut.http.netty.cookies.NettyCookies.<init>(NettyCookies.java:78)
at io.micronaut.http.client.netty.FullNettyClientHttpResponse.<init>(FullNettyClientHttpResponse.java:99)
at io.micronaut.http.client.netty.DefaultHttpClient.channelReadInstrumented(DefaultHttpClient.java:2204)
最后显示 ReadTimeoutException
io.micronaut.http.client.exceptions.ReadTimeoutException: Read Timeout
at io.micronaut.http.client.exceptions.ReadTimeoutException.<clinit>(ReadTimeoutException.java:26)
at io.micronaut.http.client.netty.DefaultHttpClient.lambda$null(DefaultHttpClient.java:1178)
at io.reactivex.internal.operators.flowable.FlowableOnErrorNext$OnErrorNextSubscriber.onError(FlowableOnErrorNext.java:103)
at io.micronaut.reactive.rxjava2.RxInstrumentedSubscriber.onError(RxInstrumentedSubscriber.java:66)
at io.reactivex.internal.operators.flowable.FlowableTimeoutTimed$TimeoutSubscriber.onTimeout(FlowableTimeoutTimed.java:139)
at io.reactivex.internal.operators.flowable.FlowableTimeoutTimed$TimeoutTask.run(FlowableTimeoutTimed.java:170)
at io.reactivex.internal.schedulers.ScheduledRunnable.run(ScheduledRunnable.java:66)
at io.reactivex.internal.schedulers.ScheduledRunnable.call(ScheduledRunnable.java:57)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)
如果我们检查 NettyCookies 代码,则会使用 STRICT 解码器,returns io.netty.handler.codec.http.cookie.Cookie nettyCookie = ClientCookieDecoder.STRICT.decode(value); 中的空 Cookie。当 this.cookies.put(nettyCookie.name(), new NettyCookie(nettyCookie)); 运行时,抛出 NullPointerException 因为 nettyCookie 为 null
public NettyCookies(HttpHeaders nettyHeaders, ConversionService conversionService) {
this.conversionService = conversionService;
if (nettyHeaders != null) {
List<String> values = nettyHeaders.getAll(HttpHeaderNames.SET_COOKIE);
if (values != null && !values.isEmpty()) {
this.cookies = new LinkedHashMap();
Iterator var4 = values.iterator();
while(var4.hasNext()) {
String value = (String)var4.next();
io.netty.handler.codec.http.cookie.Cookie nettyCookie = ClientCookieDecoder.STRICT.decode(value);
this.cookies.put(nettyCookie.name(), new NettyCookie(nettyCookie));
}
} else {
this.cookies = Collections.emptyMap();
}
} else {
this.cookies = Collections.emptyMap();
}
}
如果我可以使用 LAX 解码器,就不会发生这种情况
无法更改解码方法,因为如果是 LAX,它就是一个安全漏洞。 NPE 的问题已在 Micronaut 2.5.4
中修复
我正在使用 Micronaut 2.5.3
当我在响应中收到 header 之类的 Set-Cookie: cookie_name=cookie value; expires=Mon, 17-May-2021 09:32:59 GMT; path=/; secure; HttpOnly; samesite=none 且值中包含空格时,控制台会显示警告并以来自 NettyCookies 的 NullPointerException 结束,因为它在 STRICT 模式下解码并失败.
WARN io.netty.channel.DefaultChannelPipeline - An exceptionCaught() event was fired, and it reached at the tail of the pipeline. It usually means the last handler in the pipeline did not handle the exception.
java.lang.NullPointerException: null
at io.micronaut.http.netty.cookies.NettyCookies.<init>(NettyCookies.java:78)
at io.micronaut.http.client.netty.FullNettyClientHttpResponse.<init>(FullNettyClientHttpResponse.java:99)
at io.micronaut.http.client.netty.DefaultHttpClient.channelReadInstrumented(DefaultHttpClient.java:2204)
最后显示 ReadTimeoutException
io.micronaut.http.client.exceptions.ReadTimeoutException: Read Timeout
at io.micronaut.http.client.exceptions.ReadTimeoutException.<clinit>(ReadTimeoutException.java:26)
at io.micronaut.http.client.netty.DefaultHttpClient.lambda$null(DefaultHttpClient.java:1178)
at io.reactivex.internal.operators.flowable.FlowableOnErrorNext$OnErrorNextSubscriber.onError(FlowableOnErrorNext.java:103)
at io.micronaut.reactive.rxjava2.RxInstrumentedSubscriber.onError(RxInstrumentedSubscriber.java:66)
at io.reactivex.internal.operators.flowable.FlowableTimeoutTimed$TimeoutSubscriber.onTimeout(FlowableTimeoutTimed.java:139)
at io.reactivex.internal.operators.flowable.FlowableTimeoutTimed$TimeoutTask.run(FlowableTimeoutTimed.java:170)
at io.reactivex.internal.schedulers.ScheduledRunnable.run(ScheduledRunnable.java:66)
at io.reactivex.internal.schedulers.ScheduledRunnable.call(ScheduledRunnable.java:57)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:304)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)
如果我们检查 NettyCookies 代码,则会使用 STRICT 解码器,returns io.netty.handler.codec.http.cookie.Cookie nettyCookie = ClientCookieDecoder.STRICT.decode(value); 中的空 Cookie。当 this.cookies.put(nettyCookie.name(), new NettyCookie(nettyCookie)); 运行时,抛出 NullPointerException 因为 nettyCookie 为 null
public NettyCookies(HttpHeaders nettyHeaders, ConversionService conversionService) {
this.conversionService = conversionService;
if (nettyHeaders != null) {
List<String> values = nettyHeaders.getAll(HttpHeaderNames.SET_COOKIE);
if (values != null && !values.isEmpty()) {
this.cookies = new LinkedHashMap();
Iterator var4 = values.iterator();
while(var4.hasNext()) {
String value = (String)var4.next();
io.netty.handler.codec.http.cookie.Cookie nettyCookie = ClientCookieDecoder.STRICT.decode(value);
this.cookies.put(nettyCookie.name(), new NettyCookie(nettyCookie));
}
} else {
this.cookies = Collections.emptyMap();
}
} else {
this.cookies = Collections.emptyMap();
}
}
如果我可以使用 LAX 解码器,就不会发生这种情况
无法更改解码方法,因为如果是 LAX,它就是一个安全漏洞。 NPE 的问题已在 Micronaut 2.5.4
中修复