Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Allow for multiple HTTP headers with same field name in ResponseHeader

See original GitHub issue

Are you looking for help?

Following up the discussion on glitter channel https://gitter.im/lagom/lagom?at=59bfcc2d7b7d98d30d0d3005

Lagom Version (1.2.x / 1.3.x / etc)

1.4.0-M2

API (Scala / Java / Neither / Both)

Scala

Operating System (Ubuntu 15.10 / MacOS 10.10 / Windows 10)

MacOS 10.12.6 (16G29)

JDK (Oracle 1.8.0_112, OpenJDK 1.8.x, Azul Zing)

Oracle 1.8.0_111

java version "1.8.0_111"
Java(TM) SE Runtime Environment (build 1.8.0_111-b14)
Java HotSpot(TM) 64-Bit Server VM (build 25.111-b14, mixed mode)

Expected Behavior

  1. Define a service implementation such as
def method: ServerServiceCall[NotUsed, Done] = ServerServiceCall { (_, _) =>
    Future.successful((ResponseHeader.Ok
        .withHeader("Set-Cookie", s"cookie1=One; Path=/;")
        .addHeader("Set-cookie", s"cookie2=Two; Path=/;"),
      Done))
  }

Suspected behavior also appears with this definition

def method: ServerServiceCall[NotUsed, Done] = ServerServiceCall { (_, _) =>
    Future.successful((ResponseHeader.Ok.withHeaders(immutable.Seq(
          ("Set-Cookie", s"cookie1=One; Path=/;"),
          ("Set-cookie", s"cookie2=Two; Path=/;")
      )), 
    Done))
}
  1. Wire it as a REST call with the descriptor in the api
override final def descriptor = {
    import Service._
    named("SomeService").withCalls(
      restCall(Method.GET, "/api/method", method _)
    ).withAutoAcl(true)
  }
  1. Start lagom server
$ sbt runAll
  1. Call the rest endpoint and get both set-cookieheaders in the response
$ curl -v -X GET   http://localhost:9000/api/method
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 9000 (#0)
> PUT /api/logout HTTP/1.1
> Host: localhost:9000
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 200 OK
< set-cookie: cookie1=One; Path=/
< set-cookie: cookie2=Two; Path=/
< Date: Mon, 18 Sep 2017 13:39:41 GMT
< Server: akka-http/10.0.9
< Content-Length: 0
<
* Connection #0 to host localhost left intact

Actual Behavior

$ curl -v -X GET   http://localhost:9000/api/method
*   Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 9000 (#0)
> PUT /api/logout HTTP/1.1
> Host: localhost:9000
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 200 OK
< set-cookie: cookie1=One; Path=/
< Date: Mon, 18 Sep 2017 13:39:41 GMT
< Server: akka-http/10.0.9
< Content-Length: 0
<
* Connection #0 to host localhost left intact

The response HTTP headers only contains one occurence of “set-cookie” header, the first defined.

As RFC 6265 states its required to use multiple occurence of headers with the same field name for set-cookie . Others HTTP headers will probably fall in the same case (most notably those from X- non-standards headers)

Issue Analytics

  • State:closed
  • Created 6 years ago
  • Comments:5 (3 by maintainers)

github_iconTop GitHub Comments

1reaction
jropercommented, Sep 20, 2017
1reaction
gmethvincommented, Sep 21, 2017

At its core I believe this is a Play issue, not a Lagom one. There is some context here: https://github.com/playframework/playframework/issues/3279

This is not really a problem for Play users because Play already has a high-level API to handle cookies, for example:

Ok("Hello world").withCookies(Cookie("cookie1", "One"), Cookie("cookie2", "Two"))

Lagom has it’s own ResponseHeader that wraps Play’s, and doesn’t have any explicit handling for cookies.

As a workaround, I think it should work to use a single Set-Cookie header with ;; separating the cookies: cookie1=One;Path=/;;cookie2=Two;Path=/. The server should “unfold” those cookies and serve them as separate cookie headers.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Standard for adding multiple values of a single HTTP Header ...
It MUST be possible to combine the multiple header fields into one "field-name: field-value" pair, without changing the semantics of the message ...
Read more >
Access multi-value HTTP headers incorrectly in an API Proxy ...
The HTTP headers are the name value pairs that allow the client ... The HTTP Headers can have one or more values depending...
Read more >
Access-Control-Allow-Headers - HTTP - MDN Web Docs
The Access-Control-Allow-Headers response header is used in response to a preflight request which includes the ...
Read more >
Multiple header values with the same name - HTTPie
If the request is sent with multiple headers that are sharing the same name, then the HTTPie will send them individually. http --offline...
Read more >
Setting multiple response headers with same name, different ...
So IIS dooesn't allow custom response headers with same name. In the http specification: Multiple message-header fields with the same field-name ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Devmode service tags

Next page

Replace EnsureActive with Akka's StartEntity