For proxied responses, we have been combining headers which can creat…

…e duplicates ("Access-Control-Allow-Origin" is the most problematic). So dedupe them.
ibi-group · Oct 30, 2023 · 17e330e · 17e330e
1 parent 781aa7d
commit 17e330e
Showing 1 changed file with 7 additions and 3 deletions.
diff --git a/src/main/java/org/opentripplanner/middleware/controllers/api/OtpRequestProcessor.java b/src/main/java/org/opentripplanner/middleware/controllers/api/OtpRequestProcessor.java
@@ -210,11 +210,15 @@ private String proxyPost(Request request, Response response) {
             } catch(NullPointerException e) {
                 LOG.warn("Failed to read variables from GraphQL Plan request. Still passing to OTP2: {}", e.getMessage());
             }
-
         }
 
-        // provide response to requester as received from OTP server
-        Arrays.stream(otpDispatcherResponse.headers).forEach(header -> response.header(header.getName(), header.getValue()));
+        // Add response headers to requester as it was received from OTP server, but beware that
+        // spark.Response#header() will duplicate rather than update, so filter out duplicates.
+        Arrays.stream(otpDispatcherResponse.headers)
+            .filter(h -> !response.raw().containsHeader(h.getName()))
+            //.peek(h -> LOG.info("NEW {}={}", h.getName(), h.getValue()))
+            .forEach(h -> response.header(h.getName(), h.getValue()));
+
         response.status(otpDispatcherResponse.statusCode);
         return otpDispatcherResponse.responseBody;
     }