HTTP TRACE Method still returning request information

Open tack-sap opened this issue 3 years ago • 2 comments

What version of UAA are you running?

{"version":"76.5.0"} deployed, but also on the latest develop branch

How are you deploying the UAA?

I am deploying the UAA locally only using gradlew, but it is reproducible in our bosh deployment

What did you do?

This is a followup to #2125 and #2129

When calling any endpoint of the UAA with an HTTP Trace method, I do not get the desired result back from the UAA.

What did you expect to see? What goal are you trying to achieve with the UAA?

I was expecting to get a 405 error and either no content or a 405 error page.

What did you see instead?

I get a 405 response code, but the body of the response is still returning the complete HTTP request that was sent to the UAA - including e.g. all headers that were added in between. As there is no need to have this information returned by the UAA and the details could contain information that should not be shown to the caller (e.g. internal IPs or other information that was added for the UAA), the UAA should not return this information to the caller.

tack-sap Jan 26 '23 09:01
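A regression check for the behaviour reported above, added here as an example and not taken from the UAA code base or from the issue author: it sends TRACE with a unique canary header and reports whether the response body reflects it. The two handlers are constructed stand-ins (one mimicking the reported echo, one returning an empty 405), and all function, class and header names are assumptions.

```python
import http.client
import threading
import uuid
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

def trace_echoes_request(host, port, path="/"):
    """Send TRACE with a canary header; return (status, canary_in_body)."""
    canary = uuid.uuid4().hex
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("TRACE", path, headers={"X-Trace-Canary": canary})
        resp = conn.getresponse()
        body = resp.read().decode("latin-1")
        return resp.status, canary in body
    finally:
        conn.close()

class EchoingHandler(BaseHTTPRequestHandler):
    """Constructed stand-in: 405, but the body echoes the received request."""
    def do_TRACE(self):
        body = (self.requestline + "\r\n" + str(self.headers)).encode("latin-1")
        self.send_response(405)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass

class QuietHandler(EchoingHandler):
    """Constructed stand-in for the expected result: 405 with no content."""
    def do_TRACE(self):
        self.send_response(405)
        self.send_header("Allow", "GET, HEAD, POST, OPTIONS")  # sample value
        self.send_header("Content-Length", "0")
        self.end_headers()

def check_local(handler_cls):
    """Run the check against a throwaway server bound to 127.0.0.1."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), handler_cls)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return trace_echoes_request("127.0.0.1", server.server_address[1])
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(check_local(EchoingHandler), check_local(QuietHandler))
```

Pointing `trace_echoes_request` at a deployment's own host and port gives a pass/fail signal for this issue: a result of `(405, False)` matches what the reporter expected.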

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/184324049

The labels on this github issue will be updated when the story is started.

cf-gitbot Jan 26 '23 09:01

@tack-sap agree with you, can you please open a PR?

strehle Jan 26 '23 10:01