Commit b680b016 authored by Vincent Pelletier

erp5_oauth2_authorisation: Store more HTTPResponse headers using setHeader

During the response process (especially setBody), HTTPResponse accesses
and updates some response headers in its "headers" property (a dictionary).
addHeader puts the response headers in a list which will not be updated by
HTTPResponse. This is "more correct" from an RFC perspective, as any header
specified as being a sequence of values delimited by commas may be split
among multiple headers.
So, keep using addHeader by default, but special-case some headers which
are accessed and must be successfully updated by HTTPResponse itself so
that those headers are set using setHeader, which updates the "headers"
property.
parent 93f018e7
Pipeline #29724 failed with stage
in 0 seconds
......@@ -883,18 +883,21 @@ def _handleOAuth2Error(RESPONSE, exc):
RESPONSE.setHeader('Content-Type', 'application/json')
RESPONSE.setBody(exc.json, lock=True)
# A minimal set of headers which must not be set on an HTTPResponse using addHeader,
# but must be set using setHeader instead because HTTPResponse treat them specially
# (ex: modifies them while rendering the final response form).
_SPECIAL_HEADER_NAME_SET = (
'content-type',
'content-length',
)
def _setupZopeResponse(RESPONSE, status, header_item_list, body):
RESPONSE.setStatus(status, lock=True)
for key, value in header_item_list:
if key.lower().replace('_', '-') == 'content-type':
# If RESPONSE is an HTTPResponse, it will not intercept this
# RESPONSE.addHeader, and will set its own default value,
# so the response ends up with multiple content-types, like:
# text/plain; charset=utf-8, application/json
# So, intercept this header, and set it separately.
RESPONSE.setHeader(key, value)
else:
RESPONSE.addHeader(key, value)
(
RESPONSE.setHeader
if key.lower() in _SPECIAL_HEADER_NAME_SET else
RESPONSE.addHeader
)(key, value)
return body
def _wrapOAuth2Endpoint(func):
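Review bot: the new test `key.lower() in _SPECIAL_HEADER_NAME_SET` in `_setupZopeResponse` drops the `.replace('_', '-')` normalization that the previous `content-type` check applied, so a key spelled `Content_Type` would now go through `addHeader`, and the response could again carry the duplicated content-type value that the removed comment described. Keep the normalization in the lookup, or document that `header_item_list` always carries hyphenated names. Two smaller points: `_SPECIAL_HEADER_NAME_SET` is a tuple despite its name, and a `frozenset` would match the name and the membership test; the removed comment's example of the resulting header (`text/plain; charset=utf-8, application/json`) was a useful illustration and could be carried over into the new comment above the constant.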
......