fix Accept header in HTTP requests #5
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The ClientOperation.ProducesMediaTypes field determines the value of the HTTP Accept header in requests. The current implementation causes /cacerts, /simpleenroll and /simplereenroll requests to be sent with header `Accept: text/plain`. This is incorrect, and can result in EST servers reponding with status 406 Not Acceptable. Use the correct value: `application/pkcs7-mime`. Signed-off-by: Fraser Tweedale <[email protected]>
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Jul 5, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Jul 5, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Jul 5, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Jul 6, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Jul 6, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Jul 6, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Jul 7, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Jul 12, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Jul 15, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Jul 19, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Jul 20, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Jul 26, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Jul 26, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Jul 28, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Aug 4, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Aug 17, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Aug 22, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Aug 24, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Aug 24, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Aug 25, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Aug 25, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Aug 25, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Aug 25, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Aug 25, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Aug 25, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Aug 26, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Aug 26, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Aug 31, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Sep 6, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Sep 7, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Sep 8, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
ckelleyRH
pushed a commit
to ckelleyRH/pki
that referenced
this pull request
Sep 14, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Sep 15, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Sep 15, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Sep 15, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Sep 20, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
fmarco76
pushed a commit
to fmarco76/pki
that referenced
this pull request
Sep 23, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Sep 27, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Oct 11, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Oct 26, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Oct 31, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Nov 2, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Nov 2, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Nov 15, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Nov 29, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to dogtagpki/pki
that referenced
this pull request
Nov 29, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: #3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Dec 13, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
frasertweedale
added a commit
to frasertweedale/pki
that referenced
this pull request
Dec 13, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: dogtagpki#3297
fmarco76
pushed a commit
to dogtagpki/pki
that referenced
this pull request
Dec 14, 2022
At least one EST client is known to send requests with HTTP header `Accept: text/plain`; see thales-e-security/estclient#5. This behaviour is dubious. It is problematic when communicating with servers/frameworks that have rigid content negotiation behaviour (such as JAX-RS). Nevertheless, the EST protocol uses a narrow range of media types. The method and path are sufficient to determine the request and response media types, regardless of Content-Type and Accept header values. To tolerate bogus Accept header values, define and apply a ContainerRequestFilter that detects when the Accept header does not match any of the response types used in the EST protocol. If it detects this condition it removes the Accept header from the request. NOTE: the JAX-RS spec is ambiguous as to whether our use of the API is legal. Per the spec, `ContainerRequestContext.getAcceptableMediaTypes()` returns an IMMUTABLE `List<MediaType>`. However, `ContainerRequestContext.getHeaders()` returns a MUTABLE map of headers. We are able to delete the Accept header via that map. It seems to be a RestEasy implementation detail that `getAcceptableMediaTypes()` always reads the Accept header afresh from the mutable map. Part of: #3297
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The
ClientOperation.ProducesMediaTypes field determines the value ofthe HTTP
Acceptheader in requests. The current implementationcauses
/cacerts,/simpleenrolland/simplereenrollrequests to besent with header
Accept: text/plain. This is incorrect, and canresult in EST servers reponding with status
406 Not Acceptable. Usethe correct value:
application/pkcs7-mime.