Summary
JDK-8326949 changed the behavior of the java.net.http HTTP client. This included a CSR to update relevant specification. Two locations were missed and this CSR aims to rectify that.
Problem
As above
Solution
Update the net.properties and module-info.java for java.net.http. In both cases, the following sentence is removed.
'This includes the "Authorization" header when the relevant HttpClient has an authenticator set.'
Specification
diff --git a/src/java.base/share/conf/net.properties b/src/java.base/share/conf/net.properties
index 2aa9a9630be..9245226e166 100644
--- a/src/java.base/share/conf/net.properties
+++ b/src/java.base/share/conf/net.properties
@@ -104,9 +104,7 @@ jdk.http.auth.tunneling.disabledSchemes=Basic
# to be used in real deployments. Protocol errors or other undefined behavior is likely
# to occur when using them. The property is not set by default.
# Note also, that there may be other headers that are restricted from being set
-# depending on the context. This includes the "Authorization" header when the
-# relevant HttpClient has an authenticator set. These restrictions cannot be
-# overridden by this property.
+# depending on the context. These restrictions cannot be overridden by this property.
#
# jdk.httpclient.allowRestrictedHeaders=host
#
diff --git a/src/java.net.http/share/classes/module-info.java b/src/java.net.http/share/classes/module-info.java
index c95d80657b8..5bd49792e38 100644
--- a/src/java.net.http/share/classes/module-info.java
+++ b/src/java.net.http/share/classes/module-info.java
@@ -45,9 +45,7 @@
* and whitespace is ignored. Note that this property is intended for testing and not for
* real-world deployments. Protocol errors or other undefined behavior are likely to occur
* when using this property. There may be other headers that are restricted from being set
- * depending on the context. This includes the "Authorization" header when the relevant
- * HttpClient has an authenticator set. These restrictions cannot be overridden by this
- * property.
+ * depending on the context. These restrictions cannot be overridden by this property.
* </li>
* <li><p><b>{@systemProperty jdk.httpclient.bufsize}</b> (default: 16384 bytes or 16 kB)<br>
* The size to use for internal allocated buffers in bytes.
- csr of
-
JDK-8343433 Update net.properties and java.net.http module-info.java after 8326949
-
- Resolved
-