Fixing HttpClient warning "Invalid expires attribute" using fluent API

Question

I'm using the fluent API of HttpClient to make a GET request:

String jsonResult = Request.Get(requestUrl)
            .connectTimeout(2000)
            .socketTimeout(2000)
            .execute().returnContent().asString();

But for each request I get the following warning:

apr 07, 2016 12:26:46 PM org.apache.http.client.protocol.ResponseProcessCookies processCookies
WARNING: Invalid cookie header: "Set-Cookie: WMF-Last-Access=07-Apr-2016;Path=/;HttpOnly;Expires=Mon, 09 May 2016 00:00:00 GMT". Invalid 'expires' attribute: Mon, 09 May 2016 00:00:00 GMT

How can I fix this and keep using the fluent interface? Ideally I'd want a proper way to fix it, but since I don't really care about the cookies in my use case any solution that just allows me to stop displaying the warnings (besides redirecting stderr, cause I need that) is welcome.

score 137 · Accepted Answer · edited Apr 21 '20 at 13:37

137

The default HttpClient has difficulty understanding the latest RFC-compliant headers.

Instead of hiding the warning, just switch to a standard cookie spec like this (HttpClient 4.4+):

HttpClient httpClient = HttpClients.custom()
        .setDefaultRequestConfig(RequestConfig.custom()
                .setCookieSpec(CookieSpecs.STANDARD).build())
        .build();

edited Apr 21 '20 at 13:37

djm.im

3,153
4
26
42

answered Nov 19 '16 at 20:01

rustyx

73,455
21
176
240

5

you nailed it. I am using springboot resttemplate and it required an extra step of setting httpclient of HttpComponentsClientHttpRequestFactory object which is then passed on to resttemplate – comiventor Mar 13 '18 at 02:19
1

Here is report of this behaviour in HttpClient's jira with developer suggesting same thing: https://issues.apache.org/jira/browse/HTTPCLIENT-1763 – Sankozi Mar 06 '19 at 09:13
2

Is there a version of http client for which this is no longer a required setting? Setting the cookie spec to 'standard' seems like a sensible default to me. – Merijn Vogel Jun 29 '21 at 14:50

score 21 · Answer 2 · answered Nov 17 '17 at 06:40

If you want to use HttpClientBuilder you can use the following sytax:

        HttpClient httpClient = HttpClientBuilder.create()
            .setDefaultRequestConfig(RequestConfig.custom()
                    .setCookieSpec(CookieSpecs.STANDARD).build()).build();

A. Yasar G. · Answer 3 · 2019-10-19T15:16:37.923

For the developers don't want to think on the object model, wrapping the HttpClient for a RestTemplate might be used as below ( as @comiventor mentioned above especially for Spring Boot Developers).

a Customizer for RestTemplate,

public class RestTemplateStandardCookieCustomizer 
                         implements RestTemplateCustomizer {

    @Override
    public void customize(final RestTemplate restTemplate) {

        final HttpClient httpClient = HttpClients.custom()
            .setDefaultRequestConfig(RequestConfig.custom()
                .setCookieSpec(CookieSpecs.STANDARD).build())
            .build();

        restTemplate.setRequestFactory(
          new HttpComponentsClientHttpRequestFactory(httpClient)
        );
    }
}

and using it with the RestTemplate Builder

var restTemplate = restTemplateBuilder.additionalCustomizers(
            new RestTemplateStandardCookieCustomizer()
        ).build();

Setting the customizer as a Component is enough for it to work. SpringBoot picks it up automatically, no need to use the restTemplate builder. — sebnukem, Nov 08 '19 at 00:56

score 3 · Answer 4 · answered Apr 08 '16 at 15:43

3

Solved with:

System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.http.client.protocol.ResponseProcessCookies", "fatal");

answered Apr 08 '16 at 15:43

The Coding Monk

7,294
12
39
53

2

Just to note that you may need different syntax depending on which logging library is in use. See http://stackoverflow.com/questions/5188118/cant-turn-off-htmlunit-logging-messages for alternatives. – CfSimplicity Nov 01 '16 at 09:20
For log4j2: Configurator.setLevel("org.apache.http.client.protocol.ResponseProcessCookies", Level.FATAL); – Costi Muraru Nov 01 '18 at 21:51
13

That's not "solving" anything, it's just hiding the error. – sebnukem Oct 18 '19 at 15:55
8

Quoting the question: "I don't really care about the cookies in my use case any solution that **just allows me to stop displaying the warnings** (besides redirecting stderr, cause I need that) is welcome." – The Coding Monk Apr 20 '20 at 09:01

Fixing HttpClient warning "Invalid expires attribute" using fluent API

4 Answers4

a Customizer for RestTemplate,

and using it with the RestTemplate Builder

Linked