From cbee99b367c5353f7db3b2a75a44efa0e0bc9b58 Mon Sep 17 00:00:00 2001
From: Matthew Buckett
Date: Wed, 20 May 2026 10:25:14 +0100
Subject: [PATCH 1/2] AB#125030 Drop transport-encoding headers in response.

If Canvas sends transport encoding headers we should drop them as we will manage our own transport encoding back to the client.
---
 src/main/java/uk/ac/ox/ctl/canvasproxy/ProxyController.java | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/main/java/uk/ac/ox/ctl/canvasproxy/ProxyController.java b/src/main/java/uk/ac/ox/ctl/canvasproxy/ProxyController.java
index 3f4ca1e..3432759 100644
--- a/src/main/java/uk/ac/ox/ctl/canvasproxy/ProxyController.java
+++ b/src/main/java/uk/ac/ox/ctl/canvasproxy/ProxyController.java
@@ -85,6 +85,8 @@ public ResponseEntity proxy(AbstractOAuth2TokenAuthenticationToken principal,
 // We don't want to pass through cookies from Canvas.
 httpHeaders.remove("Set-Cookie");
+ // If Canvas sends back Chunked, we don't want to send that back to the client.
+ httpHeaders.remove("Transfer-Encoding");
 return new ResponseEntity<>(response.getBody().readAllBytes(), httpHeaders, response.getStatusCode());
 });
 } catch (ResourceAccessException e) {

From fbfacd0cc229bfa2ecd57abfdce4b8e66500f311 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 20 May 2026 09:36:35 +0000
Subject: [PATCH 2/2] AB#125030 Strip full hop-by-hop response headers in proxy

Agent-Logs-Url: https://github.com/oxctl/tool-support/sessions/e5ed4dc6-bba4-46c2-a42d-4666454c0b41
Co-authored-by: buckett <5921+buckett@users.noreply.github.com>
---
 .../uk/ac/ox/ctl/canvasproxy/ProxyController.java | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/main/java/uk/ac/ox/ctl/canvasproxy/ProxyController.java b/src/main/java/uk/ac/ox/ctl/canvasproxy/ProxyController.java
index 3432759..9fee93f 100644
--- a/src/main/java/uk/ac/ox/ctl/canvasproxy/ProxyController.java
+++ b/src/main/java/uk/ac/ox/ctl/canvasproxy/ProxyController.java
@@ -19,7 +19,10 @@
 import java.net.SocketTimeoutException;
 import java.net.URI;
 import java.net.URISyntaxException;
+import java.util.Arrays;
+import java.util.HashSet;
 import java.util.Map;
+import java.util.Set;
 /**
 * This proxy just sends requests on to Canvas. All it does is add the bearer token for the user.
@@ -85,8 +88,14 @@ public ResponseEntity proxy(AbstractOAuth2TokenAuthenticationToken principal,
 // We don't want to pass through cookies from Canvas.
 httpHeaders.remove("Set-Cookie");
- // If Canvas sends back Chunked, we don't want to send that back to the client.
- httpHeaders.remove("Transfer-Encoding");
+ Set hopByHopHeaders = new HashSet<>(Set.of("Connection", "Keep-Alive", "Proxy-Authenticate",
+ "Proxy-Authorization", "TE", "Trailer", "Transfer-Encoding", "Upgrade"));
+ response.getHeaders().getOrEmpty("Connection").stream()
+ .flatMap(connectionValue -> Arrays.stream(connectionValue.split(",")))
+ .map(String::trim)
+ .filter(headerName -> !headerName.isEmpty())
+ .forEach(hopByHopHeaders::add);
+ hopByHopHeaders.forEach(httpHeaders::remove);
 return new ResponseEntity<>(response.getBody().readAllBytes(), httpHeaders, response.getStatusCode());
 });
 } catch (ResourceAccessException e) {
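Review bot: `Content-Length` is not among the names removed in the second hunk, so (if `httpHeaders` is a copy of Canvas's response headers, which is built outside the hunk) the length relayed to the client is Canvas's claim rather than the size of the array that `readAllBytes()` produces on the `return` line. Should the HTTP client ever decode or otherwise alter the body, the two would disagree and the client would see a truncated or stalled response; adding `httpHeaders.remove("Content-Length");` next to `hopByHopHeaders.forEach(httpHeaders::remove);` should let the length be derived from the buffered bytes instead. Separately, the eight fixed names are copied into a new `HashSet` for every response and the deleted comment has no replacement; a `private static final Set<String> HOP_BY_HOP_HEADERS` constant with a comment such as `// Hop-by-hop headers describe the Canvas connection, not ours (RFC 9110 §7.6.1).` would state the intent once. The enclosing lambda and the `proxy` method start and end outside the hunk.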