StrictServerWebExchangeFirewall breaks spring-cloud-gateways RemoveRequestHeaderGatewayFilterFactory #16013
Assignees
Labels
in: web
An issue in web modules (web, webmvc)
status: duplicate
A duplicate of another issue
type: bug
A general bug
Comments
sandra-markerud
added
status: waiting-for-triage
|
Thanks @sandra-markerud. I believe this is a duplicate of gh-15989. See this comment for the workaround in the meantime. Please let me know if I have misunderstood anything. |
sjohnr
added
status: duplicate
|
Thanks @sjohnr |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Describe the bug
With the update to spring-boot-3.3.5, our spring-cloud-gateway application breaks within the built-in "RemoveRequestHeaderGatewayFilterFactory". The exchange to be mutated is now a "StrictFirewallServerWebExchange". Those headers cannot be deleted anymore. Hence, the application throws an UnsupportedOperationException at org.springframework.http.ReadOnlyHttpHeaders.remove
To Reproduce
Within a spring-cloud-gateway application define a route that has the "RemoveRequestHeaderGatewayFilterFactory" applied. Is has to be secured using spring-security (e.g. oauth).
Expected behavior
No exception anymore but the filter to work again
Sample
https://github.com/sandra-markerud/spring-cloud-gateway-upgrade
The main branch contains a working application. The "RemoveRequestHeaderTest" shows, that everything works prior the upgrade. Additionally, the tooling folder contains a docker dompose file for a keycloak and mockserver and http requests for a live demo.
The spring-boot_3.3.5 branch upgrades the application to spring-boot-3.3.5 and now the tests fails with the mentioned exception.
The text was updated successfully, but these errors were encountered: