Skip to content

Comments

Add ASCII sanitization utility for HTTP header compatibility#1596

Merged
rahul-lohra merged 3 commits intodevelopfrom
bugfix/rahullohra/headers-sanitize
Jan 6, 2026
Merged

Add ASCII sanitization utility for HTTP header compatibility#1596
rahul-lohra merged 3 commits intodevelopfrom
bugfix/rahullohra/headers-sanitize

Conversation

@rahul-lohra
Copy link
Contributor

@rahul-lohra rahul-lohra commented Jan 5, 2026
edited by coderabbitai bot
Loading

Goal

Ensure HTTP headers are ASCII-safe by normalizing and stripping non-ASCII characters to prevent OkHttp header validation issues and align with Chat product behavior.

Implementation

Ensure HTTP headers are ASCII-safe by normalizing and stripping non-ASCII characters to prevent OkHttp header validation issues and align with Chat product behavior.

🎨 UI Changes

None

Testing

Pass special character in appName in StringBuilder and sdk should work as usual

Summary by CodeRabbit

  • Bug Fixes
    • Improved header handling with enhanced sanitization to properly process and normalize special characters, ensuring better compatibility across different character encodings and system configurations while maintaining stability.

✏️ Tip: You can customize this high-level summary in your review settings.

@rahul-lohra
fix: sanitize header content
32671cc
@rahul-lohra
chore: Remove unnecessary comment
0b47acb 
Removes a redundant `/**/` comment from the `buildUserAgent` function in `HeadersUtil.kt`.
@rahul-lohra rahul-lohra self-assigned this Jan 5, 2026
@rahul-lohra rahul-lohra added the pr:improvement Enhances an existing feature or code label Jan 5, 2026
@rahul-lohra rahul-lohra requested a review from a team as a code owner January 5, 2026 12:24
@github-actions
Copy link
Contributor

github-actions bot commented Jan 5, 2026
edited
Loading

PR checklist ✅

All required conditions are satisfied:

  • Title length is OK (or ignored by label).
  • At least one pr: label exists.
  • Sections ### Goal, ### Implementation, and ### Testing are filled.

🎉 Great job! This PR is ready for review.

@coderabbitai
Copy link

coderabbitai bot commented Jan 5, 2026
edited
Loading

Walkthrough

The change adds a header sanitization feature to HeadersUtil.kt by introducing a private extension function that normalizes and removes non-ASCII characters from SDK tracking headers using Java's Normalizer class.

Changes

Cohort / File(s) Summary
Header Sanitization
stream-video-android-core/src/main/kotlin/io/getstream/video/android/core/header/HeadersUtil.kt		 Added java.text.Normalizer import; introduced private String.sanitize() extension function that normalizes strings and strips non-ASCII characters; modified header construction to apply sanitization to buildSdkTrackingHeaders() result

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Poem

🐰 Headers dancing in the stream,
ASCII dreams and sanitized schemes,
Normalizer smooths the way,
Non-ASCII chars fade away!

Pre-merge checks and finishing touches

❌ Failed checks (1 warning, 1 inconclusive)
Check name Status Explanation Resolution
Docstring Coverage ⚠️ Warning Docstring coverage is 25.00% which is insufficient. The required threshold is 80.00%. You can run @coderabbitai generate docstrings to improve docstring coverage.
Description check ❓ Inconclusive The description includes Goal and Implementation sections but lacks Testing details, UI Changes explanation, and incomplete contributor checklist. Expand the Testing section with specific test cases and expected outcomes. Complete the ☑️Contributor Checklist to indicate which items have been addressed (CLA signed, changelog updated, unit tests added, etc.).
✅ Passed checks (1 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately describes the main change: adding an ASCII sanitization utility for HTTP headers. It directly matches the PR's core objective of ensuring HTTP header compatibility by normalizing and stripping non-ASCII characters.
✨ Finishing touches
  • 📝 Generate docstrings

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Jan 5, 2026
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

Fix all issues with AI Agents 🤖 
In
@stream-video-android-core/src/main/kotlin/io/getstream/video/android/core/header/HeadersUtil.kt:
- Around line 101-104: The String.sanitize() extension currently compiles the
regex on every call, hurting performance; move the pattern to a precompiled
companion object constant (e.g. private val NON_ASCII_REGEX =
"[^\\p{ASCII}]".toRegex()) and use it in sanitize() instead of creating a new
regex each time, and add a brief KDoc to sanitize() explaining it performs
Unicode normalization (Normalizer.Form.NFD) and strips non-ASCII characters;
reference the sanitize() function and the new companion object constant when
making the change.
📜 Review details

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

  • Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between b9c9ceb and 0b47acb.

📒 Files selected for processing (1)
  • stream-video-android-core/src/main/kotlin/io/getstream/video/android/core/header/HeadersUtil.kt
🧰 Additional context used
📓 Path-based instructions (3)
**/*.{kt,java}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{kt,java}: Use Kotlin with JVM toolchain 17; Java is legacy-only
Use 4-space indentation with no trailing whitespace
Avoid wildcard imports

Files:

  • stream-video-android-core/src/main/kotlin/io/getstream/video/android/core/header/HeadersUtil.kt
**/*.{kt,kts}

📄 CodeRabbit inference engine (AGENTS.md)

**/*.{kt,kts}: Use PascalCase for types and Composables (e.g., StreamCallActivity, ParticipantGrid)
Use camelCase for functions and values
Use UPPER_SNAKE_CASE for constants only when truly constant
Prefer explicit visibility modifiers; limit internal leakage across modules
Keep critical RTC paths off the main thread; prefer coroutines with structured scopes
Monitor logging verbosity; rely on StreamVideoImpl.developmentMode for guardrails
Use KDoc (/** ... */) for public APIs and complex subsystems; link to Stream docs when relevant
Group large files with // region judiciously; keep commentary purposeful
Sanitize logs to avoid dumping JWTs, ICE tokens, or call IDs in verbose logs
Pause/resume capture on lifecycle changes; ensure background audio routing is intentional
Validate orientation, aspect ratio, and dynascale handling for both portrait/landscape phones and tablets
Keep concurrency deterministic—use structured coroutines and avoid global scope
Ensure cleanup/teardown paths handle cancellation and failure (important for sockets, queues, retries)

Files:

  • stream-video-android-core/src/main/kotlin/io/getstream/video/android/core/header/HeadersUtil.kt
**/*.{kt,java,kts,gradle.kts}

📄 CodeRabbit inference engine (AGENTS.md)

Follow Spotless formatting; ensure custom license headers are in spotless/ directory

Files:

  • stream-video-android-core/src/main/kotlin/io/getstream/video/android/core/header/HeadersUtil.kt
🧠 Learnings (1)
📚 Learning: 2025-12-19T09:15:37.269Z 
Learnt from: CR
Repo: GetStream/stream-video-android PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-19T09:15:37.269Z
Learning: Applies to **/*.{kt,kts} : Sanitize logs to avoid dumping JWTs, ICE tokens, or call IDs in verbose logs

Applied to files:

  • stream-video-android-core/src/main/kotlin/io/getstream/video/android/core/header/HeadersUtil.kt
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)
  • GitHub Check: Build / compose apks
  • GitHub Check: compare-sdk-sizes / Compare SDK sizes
  • GitHub Check: base-android-ci / Run unit tests
  • GitHub Check: base-android-ci / Build
  • GitHub Check: base-android-ci / Run static checks
🔇 Additional comments (2)
stream-video-android-core/src/main/kotlin/io/getstream/video/android/core/header/HeadersUtil.kt (2)

25-25: LGTM - Import is necessary for Unicode normalization.

The import of java.text.Normalizer is required for the ASCII sanitization feature.

85-85: LGTM - Sanitization applied at the correct point.

Applying .sanitize() to the fully assembled header string ensures the entire header value is ASCII-safe before being used in HTTP requests.

@github-actions
Copy link
Contributor

github-actions bot commented Jan 5, 2026
edited
Loading

SDK Size Comparison 📏

SDK Before After Difference Status
stream-video-android-core 11.94 MB 11.94 MB 0.00 MB 🟢
stream-video-android-ui-xml 5.68 MB 5.68 MB 0.00 MB 🟢
stream-video-android-ui-compose 6.27 MB 6.27 MB 0.00 MB 🟢

@rahul-lohra
Refactor: Optimize header sanitization regex
71db1ae 
This commit optimizes the `sanitize` function in `HeadersUtil` by extracting the regex for non-ASCII characters into a pre-compiled `private val`. This avoids recompiling the regular expression on every invocation of the function, improving performance.

Additionally, detailed KDoc has been added to the `sanitize` function to better explain its purpose and behavior, including examples of character decomposition.
@sonarqubecloud
Copy link

sonarqubecloud bot commented Jan 5, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@rahul-lohra rahul-lohra changed the title Add ASCII sanitization utility for HTTP header compatibility [AND-1005] Add ASCII sanitization utility for HTTP header compatibility Jan 6, 2026
@rahul-lohra rahul-lohra changed the title [AND-1005] Add ASCII sanitization utility for HTTP header compatibility Add ASCII sanitization utility for HTTP header compatibility Jan 6, 2026
@rahul-lohra rahul-lohra merged commit 419412a into develop Jan 6, 2026
14 checks passed
@rahul-lohra rahul-lohra deleted the bugfix/rahullohra/headers-sanitize branch January 6, 2026 08:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@PratimMallick PratimMallick PratimMallick approved these changes

Assignees

@rahul-lohra rahul-lohra

Labels

pr:improvement Enhances an existing feature or code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@rahul-lohra @PratimMallick