Commit ee36e908 authored by Vincent Pelletier, committed by Kazuhiko Shiozaki

erp5_oauth2_authorisation: Store more HTTPResponse headers using setHeader

During the response process (especially setBody), HTTPResponse accesses
and updates some response headers in its "headers" property (a dictionary).
addHeader puts the response headers in a list which will not be updated by
HTTPResponse. This is "more correct" from an RFC perspective, as any header
specified as being a sequence of values delimited by commas may be split
among multiple headers.
So, keep using addHeader by default, but special-case some headers which
are accessed and must be successfully updated by HTTPResponse itself so
that those headers are set using setHeader, which updates the "headers"
property.
parent b1905e6a
...@@ -883,18 +883,21 @@ def _handleOAuth2Error(RESPONSE, exc): ...@@ -883,18 +883,21 @@ def _handleOAuth2Error(RESPONSE, exc):
RESPONSE.setHeader('Content-Type', 'application/json') RESPONSE.setHeader('Content-Type', 'application/json')
RESPONSE.setBody(exc.json, lock=True) RESPONSE.setBody(exc.json, lock=True)
# A minimal set of headers which must not be set on an HTTPResponse using addHeader,
# but must be set using setHeader instead because HTTPResponse treat them specially
# (ex: modifies them while rendering the final response form).
_SPECIAL_HEADER_NAME_SET = (
'content-type',
'content-length',
)
def _setupZopeResponse(RESPONSE, status, header_item_list, body): def _setupZopeResponse(RESPONSE, status, header_item_list, body):
RESPONSE.setStatus(status, lock=True) RESPONSE.setStatus(status, lock=True)
for key, value in header_item_list: for key, value in header_item_list:
if key.lower().replace('_', '-') == 'content-type': (
# If RESPONSE is an HTTPResponse, it will not intercept this RESPONSE.setHeader
# RESPONSE.addHeader, and will set its own default value, if key.lower() in _SPECIAL_HEADER_NAME_SET else
# so the response ends up with multiple content-types, like: RESPONSE.addHeader
# text/plain; charset=utf-8, application/json )(key, value)
# So, intercept this header, and set it separately.
RESPONSE.setHeader(key, value)
else:
RESPONSE.addHeader(key, value)
return body return body
def _wrapOAuth2Endpoint(func): def _wrapOAuth2Endpoint(func):
......
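Review bot: the new lookup in _setupZopeResponse tests key.lower() against _SPECIAL_HEADER_NAME_SET, but the branch it replaces compared key.lower().replace('_', '-'), so a key spelled with an underscore (Content_Type) is no longer routed to setHeader and falls back to addHeader, which is the case the removed comment said produces a response with two content types (text/plain; charset=utf-8, application/json). Either normalise the key the same way before the membership test, or note in the commit message why underscore-spelled keys cannot reach this function. Two smaller points on the same hunk: _SPECIAL_HEADER_NAME_SET is a tuple despite its name, so a frozenset would match the name and the intent; and the removed comment's concrete example of the duplicated Content-Type explained why these headers are special, so a short version of it is worth keeping next to the new constant.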