3009
3010 // constant strings represent set-cookie header names
3011 private static final String SET_COOKIE = "set-cookie";
3012 private static final String SET_COOKIE2 = "set-cookie2";
3013
3014 /**
3015 * Returns a filtered version of the given headers value.
3016 *
3017 * Note: The implementation currently only filters out HttpOnly cookies
3018 * from Set-Cookie and Set-Cookie2 headers.
3019 */
3020 private String filterHeaderField(String name, String value) {
3021 if (value == null)
3022 return null;
3023
3024 if (SET_COOKIE.equalsIgnoreCase(name) ||
3025 SET_COOKIE2.equalsIgnoreCase(name)) {
3026
3027 // Filtering only if there is a cookie handler. [Assumption: the
3028 // cookie handler will store/retrieve the HttpOnly cookies]
3029 if (cookieHandler == null || value.length() == 0)
3030 return value;
3031
3032 JavaNetHttpCookieAccess access =
3033 SharedSecrets.getJavaNetHttpCookieAccess();
3034 StringJoiner retValue = new StringJoiner(","); // RFC 2965, comma separated
3035 List<HttpCookie> cookies = access.parse(value);
3036 for (HttpCookie cookie : cookies) {
3037 // skip HttpOnly cookies
3038 if (!cookie.isHttpOnly())
3039 retValue.add(access.header(cookie));
3040 }
3041 return retValue.toString();
3042 }
3043
3044 return value;
3045 }
3046
3047 // Cache the filtered response headers so that they don't need
3048 // to be generated for every getHeaderFields() call.
3049 private Map<String, List<String>> filteredHeaders; // null
|
3009
3010 // constant strings represent set-cookie header names
3011 private static final String SET_COOKIE = "set-cookie";
3012 private static final String SET_COOKIE2 = "set-cookie2";
3013
3014 /**
3015 * Returns a filtered version of the given headers value.
3016 *
3017 * Note: The implementation currently only filters out HttpOnly cookies
3018 * from Set-Cookie and Set-Cookie2 headers.
3019 */
3020 private String filterHeaderField(String name, String value) {
3021 if (value == null)
3022 return null;
3023
3024 if (SET_COOKIE.equalsIgnoreCase(name) ||
3025 SET_COOKIE2.equalsIgnoreCase(name)) {
3026
3027 // Filtering only if there is a cookie handler. [Assumption: the
3028 // cookie handler will store/retrieve the HttpOnly cookies]
3029 if (cookieHandler == null || value.isEmpty())
3030 return value;
3031
3032 JavaNetHttpCookieAccess access =
3033 SharedSecrets.getJavaNetHttpCookieAccess();
3034 StringJoiner retValue = new StringJoiner(","); // RFC 2965, comma separated
3035 List<HttpCookie> cookies = access.parse(value);
3036 for (HttpCookie cookie : cookies) {
3037 // skip HttpOnly cookies
3038 if (!cookie.isHttpOnly())
3039 retValue.add(access.header(cookie));
3040 }
3041 return retValue.toString();
3042 }
3043
3044 return value;
3045 }
3046
3047 // Cache the filtered response headers so that they don't need
3048 // to be generated for every getHeaderFields() call.
3049 private Map<String, List<String>> filteredHeaders; // null
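Review bot: The Javadoc on the new-side `filterHeaderField` (lines 3014–3019) does not describe the three distinct results a caller can get, and two of them matter for HttpOnly handling. When `cookieHandler` is null the guard at line 3029 returns the raw value, HttpOnly cookies included; when every parsed cookie is HttpOnly the empty `StringJoiner` makes the method return `""` rather than `null`, so callers presumably still see the header with an empty value. I would add `@return the value with HttpOnly cookies removed (possibly the empty string); the unchanged value when no cookie handler is set or the header is not Set-Cookie/Set-Cookie2; null if value is null`. Separately, the page does not show whether `access.parse(value)` at line 3035 can throw on a malformed cookie string as the public `HttpCookie.parse` is documented to do; if it can, a one-line comment at the call saying how that surfaces to header getters would help.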
|