locked
Bug in Windows.Web.Http.HttpClient?

    Question

  • Hi,

    I think I have found a bug in Windows.Web.Http.HttpClient. I'm getting an AccessViolationException when making any request after setting DefaultRequestHeaders.Authorization to null. It is easily reproducible with the following code:

    var client = new HttpClient();
    client.DefaultRequestHeaders.Authorization = new HttpCredentialsHeaderValue("Bearer", "token");
    client.GetAsync(new Uri("http://google.com"));
    client.DefaultRequestHeaders.Authorization = null;
    client.GetAsync(new Uri("http://google.com"));

    Exception message: "Attempted to read or write protected memory. This is often an indication that other memory is corrupt."

    Thanks, Jonny

    Friday, February 28, 2014 11:38 AM

Answers

  • Hi Jonny,

    I was able to reproduce the problem and I am checking if it is truly a bug or not. I mean MSDN doesn't document clearly whether the "null" value is acceptable to be used as a set property.

    If you are currently blocked by this issue, you can use a workaround of removing the Authorization header by using this code line:

                    var client = new HttpClient();
                    client.DefaultRequestHeaders.Authorization = new HttpCredentialsHeaderValue("Bearer", "token");
                    client.GetAsync(new Uri("http://google.com"));
                    //client.DefaultRequestHeaders.Authorization = null; // Don't use this line
                    client.DefaultRequestHeaders.Remove("Authorization"); // Use this line instead to remove the Authorization header
                    client.GetAsync(new Uri("http://google.com"));

    Friday, February 28, 2014 10:21 PM
    Moderator

All replies

  • I will look into this and get back to you...

    Windows Store Developer Solutions, follow us on Twitter: @WSDevSol|| Want more solutions? See our blog

    Friday, February 28, 2014 8:21 PM
    Moderator
  • Hi Jonny,

    I was able to reproduce the problem and I am checking if it is truly a bug or not. I mean MSDN doesn't document clearly whether the "null" value is acceptable to be used as a set property.

    If you are currently blocked by this issue, you can use a workaround of removing the Authorization header by using this code line:

                    var client = new HttpClient();
                    client.DefaultRequestHeaders.Authorization = new HttpCredentialsHeaderValue("Bearer", "token");
                    client.GetAsync(new Uri("http://google.com"));
                    //client.DefaultRequestHeaders.Authorization = null; // Don't use this line
                    client.DefaultRequestHeaders.Remove("Authorization"); // Use this line instead to remove the Authorization header
                    client.GetAsync(new Uri("http://google.com"));

    Friday, February 28, 2014 10:21 PM
    Moderator
  • Thank you for your help, the Remove workaround works fine for us.

    I would argue that even if null is not a valid value, the setter should throw an ArgumentNullException, rather than a later call throwing an AccessViolationException.

    Monday, March 3, 2014 10:23 AM
  • Thanks for the feedback and reporting this issue Jonny!

    I have opened a code bug as well as a doc bug for this issue. I cannot tell you when it will be fixed, but you can definitely use the workaround for now.

    Regards,

    Prashant.


    Windows Store Developer Solutions, follow us on Twitter: @WSDevSol|| Want more solutions? See our blog

    Monday, March 3, 2014 10:58 PM
    Moderator