How to fix Findbugs HTTP parameter directly written to HTTP header output

问题

I have a class RequestFilter and @Override methods doFilterInternal. And when i add Header for response, findbugs show error HTTP parameter directly written to HTTP header output. So how can i fix this problem? Thanks all.

String rqHd = request.getHeader("Access-Control-Request-Headers");    
response.addHeader("Access-Control-Allow-Headers", rqHd); // findbugs error here

回答1:

I think this is HRS_REQUEST_PARAMETER_TO_HTTP_HEADER error, and you can fix it like that:

String rqHd = request.getHeader("Access-Control-Request-Headers"); 
if(rqHd != null){
    String rqHeader = URLEncoder.encode(rqHd,StandardCharsets.UTF_8.displayName());   
    response.addHeader("Access-Control-Allow-Headers", rqHeader);
}

回答2:

Watch out if you wan't to set ETag header. ETag looks like W/"myetagvalue"

String etagHd = request.getHeader(HttpHeaders.ETAG);    
response.addHeader(HttpHeaders.ETAG,  URLEncoder.encode(etagHd,StandardCharsets.UTF_8.displayName());

Will be encoded W%2F%22myetagvalue%22 be carefull !

来源：https://stackoverflow.com/questions/31539314/how-to-fix-findbugs-http-parameter-directly-written-to-http-header-output

标签

java

Spring

findbugs

易学教程内所有资源均来自网络或用户发布的内容，如有违反法律规定的内容欢迎反馈！
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!