From 39c9d00316bf0cde73084a6fd235f5acae9104a6 Mon Sep 17 00:00:00 2001
From: snehar-nd
Date: Wed, 27 May 2026 15:31:05 +0530
Subject: [PATCH] fix: prevent JWT cookie accumulation in outgoing HTTP headers
Shared HttpHeaders field in HttpUtils was mutated via add() on every request, causing Cookie header to grow unbounded across calls. CTI server rejected requests once the header exceeded its size limit. post() and getV1() now create fresh HttpHeaders per request, consistent with the existing get() pattern.
Co-Authored-By: Claude Sonnet 4.6
---
 .../java/com/iemr/common/utils/http/HttpUtils.java | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/main/java/com/iemr/common/utils/http/HttpUtils.java b/src/main/java/com/iemr/common/utils/http/HttpUtils.java
index 4f49e662..6b18bb58 100644
--- a/src/main/java/com/iemr/common/utils/http/HttpUtils.java
+++ b/src/main/java/com/iemr/common/utils/http/HttpUtils.java
@@ -77,8 +77,10 @@ public String get(String uri) {
 }
 public ResponseEntity getV1(String uri) throws URISyntaxException, MalformedURLException {
- RestTemplateUtil.getJwttokenFromHeaders(headers);
- HttpEntity requestEntity = new HttpEntity("", headers);
+ HttpHeaders requestHeaders = new HttpHeaders();
+ requestHeaders.add("Content-Type", "application/json");
+ RestTemplateUtil.getJwttokenFromHeaders(requestHeaders);
+ HttpEntity requestEntity = new HttpEntity("", requestHeaders);
 ResponseEntity responseEntity = rest.exchange(uri, HttpMethod.GET, requestEntity, String.class);
 return responseEntity;
 }
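Review bot: `RestTemplateUtil.getJwttokenFromHeaders(requestHeaders)` in getV1() runs for whatever `uri` the caller passes, so the caller's JWT presumably travels to every destination, including the CTI server named in the commit message. The helper's body is not visible here, but if it copies the inbound token into a Cookie or authorization header, an external endpoint receives a credential that is valid against this API. Consider attaching the token only when the target host is on a configured list of internal services, or at least record the contract above the call: `// Forwards the caller's JWT to uri; pass only trusted internal endpoints.` The same call in post() in the next hunk has the same exposure.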
@@ -104,8 +106,10 @@ public String get(String uri, HashMap header) {
 public String post(String uri, String json) {
 String body;
- RestTemplateUtil.getJwttokenFromHeaders(headers);
- HttpEntity requestEntity = new HttpEntity(json, headers);
+ HttpHeaders requestHeaders = new HttpHeaders();
+ requestHeaders.add("Content-Type", "application/json");
+ RestTemplateUtil.getJwttokenFromHeaders(requestHeaders);
+ HttpEntity requestEntity = new HttpEntity(json, requestHeaders);
 ResponseEntity responseEntity = rest.exchange(uri, HttpMethod.POST, requestEntity, String.class);
 setStatus((HttpStatus) responseEntity.getStatusCode());
 body = responseEntity.getBody();
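Review bot: The four header-building lines in post() are a copy of the ones added to getV1(), and the patch removes only the uses of the shared `headers` field, not the field itself, so a later method can reintroduce the accumulation by reaching for it again. Because that field is shared across requests, reusing it would also risk sending one caller's token along with another caller's request. Moving the construction into one private helper, and deleting the field once nothing else reads it (the rest of the class is outside this diff), keeps every request on fresh headers. post() continues past the last line shown.

```java
// Builds per-request headers so that no caller mutates state shared across requests.
private HttpHeaders newJsonRequestHeaders() {
	HttpHeaders requestHeaders = new HttpHeaders();
	requestHeaders.add("Content-Type", "application/json");
	RestTemplateUtil.getJwttokenFromHeaders(requestHeaders);
	return requestHeaders;
}

public String post(String uri, String json) {
	String body;
	HttpEntity<String> requestEntity = new HttpEntity<>(json, newJsonRequestHeaders());
	// … unchanged: rest.exchange call, setStatus, body handling …
```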