Description
There is a serious bug in `org.springframework.http.HttpHeaders` in the following constructor:

```java
public HttpHeaders(MultiValueMap<String, String> headers) {
    Assert.notNull(headers, "MultiValueMap must not be null");
    this.headers = headers;
}
```

As one can notice, the constructor keeps only a reference to the headers passed as an argument. Due to this, if the passed argument is an instance of `ReadOnlyHttpHeaders`, then any add/remove operation throws an exception.
The above problem also affects the Spring Cloud Gateway filter `org.springframework.cloud.gateway.filter.factory.RemoveRequestHeaderGatewayFilterFactory`.

The following code snippet

```java
exchange.getRequest().mutate().headers(httpHeaders -> httpHeaders.remove(config.getName())).build()
```

will always throw an exception when the headers are read-only.

The `mutate` function calls `org.springframework.http.server.reactive.DefaultServerHttpRequestBuilder`, which then internally calls `HttpHeaders.writableHttpHeaders`.

In `HttpHeaders.writableHttpHeaders`, the following line is causing the problem:

```java
return (headers instanceof ReadOnlyHttpHeaders ? new HttpHeaders(headers.headers) : headers);
```

because, as initially mentioned, the `HttpHeaders` constructor is simply holding a reference to the read-only headers and not mutating in the true sense. This bug needs to be fixed ASAP.
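An added example, not part of the original issue and not Spring code: a JDK-only model of the aliasing the report describes, where a wrapper that stores only a reference to an unmodifiable map rejects `remove`, while a wrapper that copies the entries can strip the header. The class names `ReferenceHeaders` and `CopyingHeaders`, the header names and the values are hypothetical.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class HeaderAliasingDemo {

    // Hypothetical wrapper that keeps only a reference to the map it is given.
    static final class ReferenceHeaders {
        private final Map<String, List<String>> headers;
        ReferenceHeaders(Map<String, List<String>> headers) {
            this.headers = headers; // aliasing: same map, same (im)mutability
        }
        List<String> remove(String name) { return headers.remove(name); }
    }

    // Hypothetical wrapper that copies the entries into its own mutable map.
    static final class CopyingHeaders {
        private final Map<String, List<String>> headers = new LinkedHashMap<>();
        CopyingHeaders(Map<String, List<String>> source) {
            source.forEach((k, v) -> headers.put(k, new ArrayList<>(v)));
        }
        List<String> remove(String name) { return headers.remove(name); }
        boolean contains(String name) { return headers.containsKey(name); }
    }

    public static void main(String[] args) {
        // Constructed sample input: a header a gateway filter is meant to strip.
        Map<String, List<String>> backing = new LinkedHashMap<>();
        backing.put("X-Internal-Token", List.of("constructed-value"));
        backing.put("Accept", List.of("application/json"));
        Map<String, List<String>> readOnly = Collections.unmodifiableMap(backing);

        try {
            new ReferenceHeaders(readOnly).remove("X-Internal-Token");
            System.out.println("reference wrapper: header removed");
        } catch (UnsupportedOperationException ex) {
            System.out.println("reference wrapper: remove rejected, header still present");
        }

        CopyingHeaders copy = new CopyingHeaders(readOnly);
        copy.remove("X-Internal-Token");
        System.out.println("copying wrapper: present after remove = " + copy.contains("X-Internal-Token"));
        System.out.println("original map unchanged = " + readOnly.containsKey("X-Internal-Token"));
    }
}
```

The copy leaves the original map untouched, so any component still holding the read-only instance continues to see the header.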