From 0fd38252129c76b74e31854bc5b195f34a54ceed Mon Sep 17 00:00:00 2001 From: TharmiganK Date: Tue, 15 Oct 2024 17:37:50 +0530 Subject: [PATCH 1/5] Update add header method to handle content-type headers --- ballerina/http2_push_promise.bal | 6 +++++- ballerina/http_request.bal | 9 +++++++-- ballerina/http_response.bal | 7 ++++++- 3 files changed, 18 insertions(+), 4 deletions(-) diff --git a/ballerina/http2_push_promise.bal b/ballerina/http2_push_promise.bal index 1c0540faf4..795d441b03 100644 --- a/ballerina/http2_push_promise.bal +++ b/ballerina/http2_push_promise.bal @@ -59,11 +59,15 @@ public class PushPromise { return externPromiseGetHeaders(self, headerName); } - # Adds the specified key/value pair as an HTTP header to the `http:PushPromise`. + # Adds the specified key/value pair as an HTTP header to the `http:PushPromise`. In the case of the `Content-Type` + # header, the existing value is replaced with the specified value. # # + headerName - The header name # + headerValue - The header value public isolated function addHeader(string headerName, string headerValue) { + if headerName.equalsIgnoreCaseAscii(CONTENT_TYPE) { + return externPromiseSetHeader(self, headerName, headerValue); + } return externPromiseAddHeader(self, headerName, headerValue); } diff --git a/ballerina/http_request.bal b/ballerina/http_request.bal index 9a1f35051a..3d5de29bab 100644 --- a/ballerina/http_request.bal +++ b/ballerina/http_request.bal 
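Review bot: In `PushPromise.addHeader` (ballerina/http2_push_promise.bal) the replace-instead-of-append rule is hard-wired to `CONTENT_TYPE`, and the same `if headerName.equalsIgnoreCaseAscii(CONTENT_TYPE)` test is repeated in `Request.addHeader` and `Response.addHeader` later in this patch. Other fields that must carry a single value, such as `Content-Length`, still take the append path, and duplicated single-valued headers are what intermediaries and origin servers tend to interpret differently; whether the native add functions already reject those is not visible here. Consider one shared predicate, e.g. `isolated function isSingleValuedHeader(string name) returns boolean => name.equalsIgnoreCaseAscii(CONTENT_TYPE);`, so the three classes stay in step and the list can grow in one place. The class body continues outside the hunk.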
@@ -164,12 +164,17 @@ public class Request { externRequestSetHeader(self, headerName, headerValue); } - # Adds the specified header to the request. Existing header values are not replaced. Panic if an illegal header is passed. + # Adds the specified header to the request. Existing header values are not replaced, except for the `Content-Type` + # header. In the case of the `Content-Type` header, the existing value is replaced with the specified value. + # Panic if an illegal header is passed. # # + headerName - The header name # + headerValue - The header value public isolated function addHeader(string headerName, string headerValue) { - externRequestAddHeader(self, headerName, headerValue); + if headerName.equalsIgnoreCaseAscii(CONTENT_TYPE) { + return externRequestSetHeader(self, headerName, headerValue); + } + return externRequestAddHeader(self, headerName, headerValue); } # Removes the specified header from the request. diff --git a/ballerina/http_response.bal b/ballerina/http_response.bal index e1f9c08ad1..002621e8f3 100644 --- a/ballerina/http_response.bal +++ b/ballerina/http_response.bal 
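Review bot: `Request.addHeader` (ballerina/http_request.bal) now returns the result of the extern call in both branches, although the function declares no return type and the `setHeader` body visible at the top of the hunk calls `externRequestSetHeader(self, headerName, headerValue);` as a plain statement. Keeping the statement form reads more consistently: `if headerName.equalsIgnoreCaseAscii(CONTENT_TYPE) { externRequestSetHeader(self, headerName, headerValue); return; }` followed by the original `externRequestAddHeader(self, headerName, headerValue);`. The doc comment could also state that the name is matched case-insensitively and that only the header value is replaced, since the branch calls nothing but the header setter. The class body continues outside the hunk.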
@@ -109,13 +109,18 @@ public class Response { return externResponseGetHeader(self, headerName, position); } - # Adds the specified header to the response. Existing header values are not replaced. Panic if an illegal header is passed. + # Adds the specified header to the response. Existing header values are not replaced, except for the `Content-Type` + # header. In the case of the `Content-Type` header, the existing value is replaced with the specified value. + #. Panic if an illegal header is passed. # # + headerName - The header name # + headerValue - The header value # + position - Represents the position of the header as an optional parameter. If the position is `http:TRAILING`, # the entity-body of the `Response` must be accessed initially. public isolated function addHeader(string headerName, string headerValue, HeaderPosition position = LEADING) { + if headerName.equalsIgnoreCaseAscii(CONTENT_TYPE) { + return externResponseSetHeader(self, headerName, headerValue, position); + } return externResponseAddHeader(self, headerName, headerValue, position); } From 12df1255435c447a1584c99382884f77018ec260 Mon Sep 17 00:00:00 2001 From: TharmiganK Date: Tue, 15 Oct 2024 17:47:08 +0530 Subject: [PATCH 2/5] Add tests --- .../tests/http_header_test.bal | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/ballerina-tests/http-misc-tests/tests/http_header_test.bal b/ballerina-tests/http-misc-tests/tests/http_header_test.bal index 72a0171459..45d7256fb8 100644 --- a/ballerina-tests/http-misc-tests/tests/http_header_test.bal +++ b/ballerina-tests/http-misc-tests/tests/http_header_test.bal @@ -14,6 +14,7 @@ // specific language governing permissions and limitations // under the License. +import ballerina/mime; import ballerina/test; import ballerina/http; import ballerina/http_test_common as common; 
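Review bot: The new doc comment on `Response.addHeader` (ballerina/http_response.bal) contains a stray period, `#. Panic if an illegal header is passed.`, which should read `# Panic if an illegal header is passed.`. Separately, the replace branch forwards `position`, so with `http:TRAILING` the replacement presumably applies only to the trailing set and a leading `Content-Type` would remain alongside it; the hunk does not show how `externResponseSetHeader` treats that case. If `Content-Type` is not meant to be sent as a trailer, it is worth saying so in the `position` parameter text or guarding it here. The class body continues outside the hunk.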
@@ -276,6 +277,27 @@ function testPassthruWithBody() returns error? { } } +@test:Config {} +function testAddHeaderWithContentType() returns error? { + http:Request req = new; + check req.setContentType(mime:APPLICATION_JSON); + test:assertEquals(check req.getHeaders(http:CONTENT_TYPE), [mime:APPLICATION_JSON]); + req.addHeader(http:CONTENT_TYPE, mime:APPLICATION_XML); + test:assertEquals(check req.getHeaders(http:CONTENT_TYPE), [mime:APPLICATION_XML]); + + http:Response res = new; + check res.setContentType(mime:APPLICATION_JSON); + test:assertEquals(check res.getHeaders(http:CONTENT_TYPE), [mime:APPLICATION_JSON]); + res.addHeader(http:CONTENT_TYPE, mime:APPLICATION_XML); + test:assertEquals(check res.getHeaders(http:CONTENT_TYPE), [mime:APPLICATION_XML]); + + http:PushPromise pushPromise = new; + pushPromise.addHeader(http:CONTENT_TYPE, mime:APPLICATION_JSON); + test:assertEquals(pushPromise.getHeaders(http:CONTENT_TYPE), [mime:APPLICATION_JSON]); + pushPromise.addHeader(http:CONTENT_TYPE, mime:APPLICATION_XML); + test:assertEquals(pushPromise.getHeaders(http:CONTENT_TYPE), [mime:APPLICATION_XML]); +} + type Headers record {| @http:Header {name: "X-API-VERSION"} string apiVersion; From b3c80ff24a073ea9cd3edca9707cf661b2f8e851 Mon Sep 17 00:00:00 2001 From: TharmiganK Date: Tue, 15 Oct 2024 17:49:58 +0530 Subject: [PATCH 3/5] Update changelog --- changelog.md | 1 + 1 file changed, 1 insertion(+) diff --git a/changelog.md b/changelog.md index f427f1fed7..4935b7c73b 100644 --- a/changelog.md +++ b/changelog.md @@ -18,6 +18,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ### Fixed - [Address CVE-2024-7254 vulnerability](https://github.com/ballerina-platform/ballerina-library/issues/7013) +- [Fix duplicating `Content-Type` header via the `addHeader` method](https://github.com/ballerina-platform/ballerina-library/issues/7268) ## [2.12.0] - 2024-08-20 From 62def213b00020ec6e2320e6972fa40ac50c5b44 Mon Sep 17 00:00:00 2001 
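Review bot: `testAddHeaderWithContentType` only passes the name as `http:CONTENT_TYPE`, so the case-insensitive match the implementation relies on (`equalsIgnoreCaseAscii`) is never exercised, and nothing checks that other headers still append. Adding `req.addHeader("content-type", mime:TEXT_PLAIN);` followed by `test:assertEquals(check req.getHeaders(http:CONTENT_TYPE), [mime:TEXT_PLAIN]);` would cover the first gap. A further assertion on a non-`Content-Type` header added twice would pin that append semantics are unchanged for everything else, and the `Response` case with `position = http:TRAILING` is also uncovered.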
From: TharmiganK Date: Wed, 16 Oct 2024 09:07:46 +0530 Subject: [PATCH 4/5] [Automated] Update the native jar versions --- ballerina/Dependencies.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ballerina/Dependencies.toml b/ballerina/Dependencies.toml index 66f8ee6cbc..3b2102795a 100644 --- a/ballerina/Dependencies.toml +++ b/ballerina/Dependencies.toml @@ -255,7 +255,7 @@ modules = [ [[package]] org = "ballerina" name = "mime" -version = "2.10.0" +version = "2.10.1" dependencies = [ {org = "ballerina", name = "io"}, {org = "ballerina", name = "jballerina.java"}, From 7905e2e66f68f5a9ddf91502b25f287672d3f1c8 Mon Sep 17 00:00:00 2001 From: TharmiganK Date: Wed, 16 Oct 2024 09:19:15 +0530 Subject: [PATCH 5/5] [Automated] Update the native jar versions --- ballerina-tests/http-advanced-tests/Dependencies.toml | 2 +- ballerina-tests/http-client-tests/Dependencies.toml | 2 +- ballerina-tests/http-dispatching-tests/Dependencies.toml | 2 +- ballerina-tests/http-interceptor-tests/Dependencies.toml | 2 +- ballerina-tests/http-misc-tests/Dependencies.toml | 2 +- ballerina-tests/http-resiliency-tests/Dependencies.toml | 2 +- ballerina-tests/http-security-tests/Dependencies.toml | 2 +- ballerina-tests/http-service-tests/Dependencies.toml | 2 +- ballerina-tests/http-test-common/Dependencies.toml | 2 +- ballerina-tests/http2-tests/Dependencies.toml | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/ballerina-tests/http-advanced-tests/Dependencies.toml b/ballerina-tests/http-advanced-tests/Dependencies.toml index 85999a0f16..8f12b5ef4b 100644 --- a/ballerina-tests/http-advanced-tests/Dependencies.toml +++ b/ballerina-tests/http-advanced-tests/Dependencies.toml @@ -288,7 +288,7 @@ dependencies = [ [[package]] org = "ballerina" name = "mime" -version = "2.10.0" +version = "2.10.1" scope = "testOnly" dependencies = [ {org = "ballerina", name = "io"}, 
diff --git a/ballerina-tests/http-client-tests/Dependencies.toml b/ballerina-tests/http-client-tests/Dependencies.toml index 553a084e96..aa3a150146 100644 --- a/ballerina-tests/http-client-tests/Dependencies.toml +++ b/ballerina-tests/http-client-tests/Dependencies.toml @@ -284,7 +284,7 @@ dependencies = [ [[package]] org = "ballerina" name = "mime" -version = "2.10.0" +version = "2.10.1" scope = "testOnly" dependencies = [ {org = "ballerina", name = "io"}, diff --git a/ballerina-tests/http-dispatching-tests/Dependencies.toml b/ballerina-tests/http-dispatching-tests/Dependencies.toml index 068a65b76d..17705d3874 100644 --- a/ballerina-tests/http-dispatching-tests/Dependencies.toml +++ b/ballerina-tests/http-dispatching-tests/Dependencies.toml @@ -323,7 +323,7 @@ dependencies = [ [[package]] org = "ballerina" name = "mime" -version = "2.10.0" +version = "2.10.1" scope = "testOnly" dependencies = [ {org = "ballerina", name = "io"}, diff --git a/ballerina-tests/http-interceptor-tests/Dependencies.toml b/ballerina-tests/http-interceptor-tests/Dependencies.toml index 2a310bff4c..80af18e1c8 100644 --- a/ballerina-tests/http-interceptor-tests/Dependencies.toml +++ b/ballerina-tests/http-interceptor-tests/Dependencies.toml @@ -278,7 +278,7 @@ dependencies = [ [[package]] org = "ballerina" name = "mime" -version = "2.10.0" +version = "2.10.1" scope = "testOnly" dependencies = [ {org = "ballerina", name = "io"}, diff --git a/ballerina-tests/http-misc-tests/Dependencies.toml b/ballerina-tests/http-misc-tests/Dependencies.toml index a6267e2744..fcfde91c7b 100644 --- a/ballerina-tests/http-misc-tests/Dependencies.toml +++ b/ballerina-tests/http-misc-tests/Dependencies.toml @@ -284,7 +284,7 @@ dependencies = [ [[package]] org = "ballerina" name = "mime" -version = "2.10.0" +version = "2.10.1" scope = "testOnly" dependencies = [ {org = "ballerina", name = "io"}, 
diff --git a/ballerina-tests/http-resiliency-tests/Dependencies.toml b/ballerina-tests/http-resiliency-tests/Dependencies.toml index 6d14fa50a7..ca6fbfbbe8 100644 --- a/ballerina-tests/http-resiliency-tests/Dependencies.toml +++ b/ballerina-tests/http-resiliency-tests/Dependencies.toml @@ -279,7 +279,7 @@ dependencies = [ [[package]] org = "ballerina" name = "mime" -version = "2.10.0" +version = "2.10.1" scope = "testOnly" dependencies = [ {org = "ballerina", name = "io"}, diff --git a/ballerina-tests/http-security-tests/Dependencies.toml b/ballerina-tests/http-security-tests/Dependencies.toml index bfa664fc5d..9867a61639 100644 --- a/ballerina-tests/http-security-tests/Dependencies.toml +++ b/ballerina-tests/http-security-tests/Dependencies.toml @@ -280,7 +280,7 @@ dependencies = [ [[package]] org = "ballerina" name = "mime" -version = "2.10.0" +version = "2.10.1" scope = "testOnly" dependencies = [ {org = "ballerina", name = "io"}, diff --git a/ballerina-tests/http-service-tests/Dependencies.toml b/ballerina-tests/http-service-tests/Dependencies.toml index 61aebf9302..9c5112127f 100644 --- a/ballerina-tests/http-service-tests/Dependencies.toml +++ b/ballerina-tests/http-service-tests/Dependencies.toml @@ -284,7 +284,7 @@ dependencies = [ [[package]] org = "ballerina" name = "mime" -version = "2.10.0" +version = "2.10.1" scope = "testOnly" dependencies = [ {org = "ballerina", name = "io"}, diff --git a/ballerina-tests/http-test-common/Dependencies.toml b/ballerina-tests/http-test-common/Dependencies.toml index 3442357bdf..3b27be87cb 100644 --- a/ballerina-tests/http-test-common/Dependencies.toml +++ b/ballerina-tests/http-test-common/Dependencies.toml @@ -238,7 +238,7 @@ modules = [ [[package]] org = "ballerina" name = "mime" -version = "2.10.0" +version = "2.10.1" dependencies = [ {org = "ballerina", name = "io"}, {org = "ballerina", name = "jballerina.java"}, 
diff --git a/ballerina-tests/http2-tests/Dependencies.toml b/ballerina-tests/http2-tests/Dependencies.toml index 768d787af9..2cf97cfdef 100644 --- a/ballerina-tests/http2-tests/Dependencies.toml +++ b/ballerina-tests/http2-tests/Dependencies.toml @@ -284,7 +284,7 @@ dependencies = [ [[package]] org = "ballerina" name = "mime" -version = "2.10.0" +version = "2.10.1" scope = "testOnly" dependencies = [ {org = "ballerina", name = "io"},