| Summary: | RequestDumperFilter duplicates headers | ||
|---|---|---|---|
| Product: | Tomcat 9 | Reporter: | Greg Peterson <gpeterson> |
| Component: | Catalina | Assignee: | Tomcat Developers Mailing List <dev> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | michaelo |
| Priority: | P2 | ||
| Version: | 9.0.x | ||
| Target Milestone: | ----- | ||
| Hardware: | PC | ||
| OS: | All | ||
| Attachments: | Patch to correct logging of response headers | ||
I'm thinking that the return value for getHeaderNames() should be de-duplicated. The only scenarios I can think of where that would cause issues, the client is doing something unreasonable. Fixed in: - master for 10.0.0-M2 onwards - 9.0.x for 9.0.32 onwards - 8.5.x for 8.5.52 onwards - 7.0.x for 7.0.101 onwards |
Created attachment 37031 [details] Patch to correct logging of response headers The RequestDumper attempts to log the outgoing headers by first obtaining the header names, then for each header name it outputs the values for that header. The problem is that the header names are not unique, so if there are two cookies, there are two Set-Cookie headers. The dumper uses the getHeaders method, which returns all values for the named header. Since it sees the Set-Cookie header twice, calling getHeaders returns both values, so it logs both values for each occurrence of the Set-Cookie header, so we see each cookie twice in the request log. Attached patch ensures headers are unique before logging.