root
/
spring-framework
mirror of https://github.com/spring-projects/spring-framework.git
1
0
Fork 0
Code Issues Actions 8 Packages Projects Releases Wiki Activity

Remove duplicate Content-Type header in error cases 

Prior to this commit, the `DispatcherServlet` would try and reset the
response buffer in case of errors, if the response is not committed
already. This allows for more flexible error handling, even if the
response was being handled already when it errored.

Resetting the response buffer clears the body but leaves HTTP response
headers intact. This is done on purpose as to not clear headers
previously added by Servlet Filters. By leaving in place some headers
like "Content-Type", this does not take into account the fact that the
response body was cleared and that error handling will perform another
round of content negotiation. While this isn't a problem for some
Servlet containers which enforce a single "Content-Type" header value,
this can cause multiple/duplicate values for some others.

This commit ensures that the "Content-Type" response header is removed
at the same time as we clear the "producible media types" attribute:
another pass of content negotiation will be performed for error
handling.

Fixes gh-34366
This commit is contained in:
Brian Clozel 2025-02-25 10:43:19 +01:00
parent 634d1dd20b
commit f895d762cd
2 changed files with 24 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
spring-webmvc/src/main/java/org/springframework/web/servlet/DispatcherServlet.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2024 the original author or authors.
* Copyright 2002-2025 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -48,6 +48,7 @@ import org.springframework.core.annotation.AnnotationAwareOrderComparator;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.support.PropertiesLoaderUtils;
import org.springframework.core.log.LogFormatUtils;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.http.server.RequestPath;
@ -1341,9 +1342,10 @@ public class DispatcherServlet extends FrameworkServlet {
// Success and error responses may use different content types
request.removeAttribute(HandlerMapping.PRODUCIBLE_MEDIA_TYPES_ATTRIBUTE);
// Reset the response body buffer if the response is not committed already,
// leaving the response headers in place.
// Reset the response content-type header and body buffer if the response is not committed already,
// leaving the other response headers in place.
try {
response.setHeader(HttpHeaders.CONTENT_TYPE, null);
response.resetBuffer();
}
catch (IllegalStateException illegalStateException) {

20
spring-webmvc/src/test/java/org/springframework/web/servlet/DispatcherServletTests.java
View File

@ -1,5 +1,5 @@
/*
* Copyright 2002-2024 the original author or authors.
* Copyright 2002-2025 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -924,6 +924,23 @@ class DispatcherServletTests {
assertThat(response.getHeader("Test-Header")).isEqualTo("spring");
}
@Test
void shouldResetContentTypeIfNotCommitted() throws Exception {
StaticWebApplicationContext context = new StaticWebApplicationContext();
context.setServletContext(getServletContext());
context.registerSingleton("/error", ErrorController.class);
DispatcherServlet servlet = new DispatcherServlet(context);
servlet.init(servletConfig);
MockHttpServletRequest request = new MockHttpServletRequest(getServletContext(), "GET", "/error");
MockHttpServletResponse response = new MockHttpServletResponse();
assertThatThrownBy(() -> servlet.service(request, response)).isInstanceOf(ServletException.class)
.hasCauseInstanceOf(IllegalArgumentException.class);
assertThat(response.getContentAsByteArray()).isEmpty();
assertThat(response.getStatus()).isEqualTo(400);
assertThat(response.getHeaderNames()).doesNotContain(HttpHeaders.CONTENT_TYPE);
}
public static class ControllerFromParent implements Controller {
@ -976,6 +993,7 @@ class DispatcherServletTests {
public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) throws Exception {
response.setStatus(400);
response.setHeader("Test-Header", "spring");
response.addHeader("Content-Type", "application/json");
if (request.getAttribute("commit") != null) {
response.flushBuffer();
}