This commit ensures handling is cancelled in case of onError/Timeout
callback from the Servlet container.
Separately we detect the same in ServletServerHttpRequest and
ServletServerHttpResponse, which signal onError to the read publisher
and cancel writing, but if the onError/Timeout arrives after reading
is done and before writing has started (e.g. longer handling), then
neither will reach handling.
See gh-26434, gh-26407
Add factory methods to `AbstractEnvironment` that allow a custom
`ConfigurablePropertyResolver` and `MutablePropertySources` instance
to be used.
See gh-26462
This commit better aligns how URI variable placeholders are detected
in UriComponentsBuilder#encode (i.e. the pre-encoding of the literal
parts of a URI template) and how they are expanded later on.
The latter relies on a pattern that stops at the first closing '}'
which excludes the possibility for well-formed, nested placeholders
other than variables with regex syntax, e.g. "{year:\d{1,4}}".
UriComponentsBuilder#encode now also stops at the first closing '}' and
further ensures the placeholder is not empty and that it has '{' before
deciding to treat it as a URI variable.
Closes gh-26466
Previously this method returned headers only when a Content-Type part header
was present. Now it is guaranteed to return headers (possibly empty) as long
as there is a MultipartFile or Part with the given name.
Closes gh-26501
Prior to this commit, calls to setLocale() MockHttpServletResponse
would result in a NullPointerException if the supplied Locale was null.
Although the Javadoc for setLocale(Locale) and addHeader(String, String)
in javax.servlet.ServletResponse does not specify how a null
Locale should be handled, both Tomcat and Jetty simply ignore a null
value.
This commit therefore updates MockHttpServletResponse to silently
ignore a null Locale passed to setLocale().
Closes gh-26493
Prior to this commit, calls to setHeader() and addHeader() in
MockHttpServletResponse would result in an IllegalArgumentException or
NullPointerException if the supplied header value was null.
Although the Javadoc for setHeader(String, String) and
addHeader(String, String) in javax.servlet.http.HttpServletResponse
does not specify how a null header value should be handled, both Tomcat
and Jetty simply ignore a null value. Furthermore,
org.springframework.http.HttpHeaders.add(String, String) declares the
headerValue parameter as @Nullable.
This commit therefore updates MockHttpServletResponse to silently
ignore null header values passed to setHeader() and addHeader().
Closes gh-26488
Remove support for open polymorphic serialization in
kotlinx.serialization web converters and codecs in order
to prevent serialization handling suitable for Jackson
or other general purpose Java JSON libraries.
This will probably need further refinements for collections
for example, and could ultimately be fixed when
kotlinx.serialization will provide a dedicated function to
evaluate upfront if a type can be serialized or not.
Closes gh-26298
Prior to this commit, WebFlux native headers adapters would delegate the
`httpHeaders.keySet` to underlying implementations that do not honor the
`remove*` methods.
This commit fixes the `Set` implementation backing the
`httpHeaders.keySet` and ensures that headers can be safely removed from
the set.
Fixes gh-26361
Instead of using a new bounded elastic scheduler per
DefaultPartHttpMessageReader instance, which creates daemon threads that
are not shut down, we now use the shared bounded elastic scheduler.
Closes gh-26347
This commit only writes the 'charset' parameter in the written headers
if it is non-default (not UTF-8), since RFC7578 states that the only
allowed parameter is 'boundary'.
See gh-25885
Closes gh-26290
Prior to this commit, the `ServletServerHttpResponse` would copy headers
from the `HttpHeaders` map and calls methods related to headers exposed
as properties (content-type, character encoding).
Unlike its reactive variant, this would not set the content length.
Depending on the Servlet container implementation, this could cause
duplicate Content-Length response headers in the actual HTTP response.
This commit aligns both implementations and ensures that the
`setContentLengthLong` method is called if necessary so that the Servlet
container can ensure a single header for that.
Fixes gh-26330
- Remove unused clone() code left-over from previous way of cloning.
- Lazy instantiation of ServerCodecConfigurer in
HttpWebHandlerAdapter since in most cases the configurer instance
is set externally.
Closes gh-26263
This new option allows a cancel signal to abort the request, which is
how we expect a connection to be aborted in a reactive chain that
involves the WebClient.
Closes gh-26287
Prior to this commit, the `NettyHeadersAdapter` would directly delegate
the `add()` and `set()` calls to the adapted
`io.netty.handler.codec.http.HttpHeaders`. This implementation rejects
`null` values with exceptions.
This commit aligns the behavior here with other implementations, by not
rejecting null values but simply ignoring them.
Fixes gh-26274
HttpMessageWriter implementations now attach the request log prefix
as a hint to created data buffers when the logger associated with
the writer is at DEBUG level.
Closes gh-26230
This commit improves the Javadoc for the `ForwardedHeaderFilter`
(Servlet Filter) and `ForwardedHeaderTransformer` (reactive variant) so
as to mention security considerations linked to Forwarded HTTP headers.
Closes gh-26081
This commit adds support for sending Server-Sent Events in WebMvc.fn,
through the ServerResponse.sse method that takes a SseBuilder DSL.
It also includes reference documentation.
Closes gh-25920
This commit introduces the following changes:
- Converters/codecs are now used based on generic type info.
- On WebMvc and WebFlux, kotlinx.serialization is enabled along
to Jackson because it only serializes Kotlin @Serializable classes
which is not enough for error or actuator endpoints in Boot as
described on spring-projects/spring-boot#24238.
TODO: leverage Kotlin/kotlinx.serialization#1164 when fixed.
Closes gh-26147
This commit only writes the 'charset' parameter in the written headers
if it is non-default (not UTF-8), since RFC7578 states that the only
allowed parameter is 'boundary'.
Closes gh-25885
There are more locations which could benefit from not using a
toCharArray on a String, but rather use the charAt method from
the String itself. This to prevent an additional copy of the
char[] being created.
The migration from JUnit 4 assertions to AssertJ assertions resulted in
several unnecessary casts from int to long that actually cause
assertions to pass when they should otherwise fail.
This commit fixes all such bugs for the pattern `.isNotEqualTo((long)`.
Prior to this commit, references to `JsonGenerator` and
`ByteArrayBuilder` were not closed/released within codecs calls.
This prevents Jackson from reusing more efficiently shared memory
resources.
This commit properly closes/releases Jackson resources in Spring MVC,
Spring WebFlux and Spring Messaging codecs.
A benchmark on WebFlux codecs (in both single value/streaming mode)
shows significant throughput and allocation improvements for small
payloads.
Closes gh-25910
This commit adds support for Kotlin Coroutines suspending functions to
Spring MVC, by converting those to a Mono that can then be handled by
the asynchronous request processing feature.
It also optimizes Coroutines detection with the introduction of an
optimized KotlinDetector.isSuspendingFunction() method that does not
require kotlin-reflect.
Closes gh-23611
Flow decoding is not supported yet since it depends on
kotlin/kotlinx.serialization#1073, but it will be
enabled when this issue will be fixed.
Closes gh-25771
The workaround was removed in the 5.3 milestone phase and in master
only because the referenced Jetty issue is marked fixed. However,
what we need to replace it with should be a little more involved
and also it's not entirely clear if the fixes in Jetty aligns with
our release and retain semantics so that needs to be investigated
more thoroughly.
Prior to this commit, the Series value for an HttpStatus was always
evaluated which resulted in an allocation of a Series array by invoking
Series.values() which makes a defensive copy.
This commit addresses this issue by hardcoding the corresponding Series
within the HttpStatus constructor, thereby avoiding any unnecessary
computations. In addition, a unit test has been added to verify that
all HttpStatus enum constants have a properly configured Series.
Closes gh-22366
This commit deprecates LiveBeansView and related classes in order to allow
a future removal in order to increase the separation of concerns between
Spring Framework and Spring Boot, and the consistency between JVM
and native.
Closes gh-25820
See reactor/reactor-core#2374
All usages of this API are in tests, which are not checking overflow or
concurrent emissions - so a simple replacement with `try***` equivalents
is fine.
This commit remove the tokenization previously used in
UriComponentsBuilder#adaptFromForwardedHeaders, in order to support
Forwarded headers that have multiple, comma-separated 'for' elements.
Closes gh-25737
UrlPathHelper is often created and used without customizations or with
the same customizations. This commit introduces re-usable, instances.
Effectively a backport of commit 23233c.
See gh-25690
This commit makes several changes in both WebMvc.fn as well as
WebFlux.fn.
- ServerRequest now exposes a RequestPath through requestPath(), and
pathContainer() has been deprecated.
- The PathPredicate and PathResourceLookupFunction now respects this
RequestPath's pathInApplication() in their path-related
functionality.
- When nesting, the PathPredicate now appends the matched part of the
path to the current context path, instead of removing the matched
part (which was done previously). This has the same result: the
matched part is gone, but now the full path stays the same.
Closes gh-25270
MVC data class processor constructs target instance even in case of binding failure, as long as the corresponding method parameter is not marked as optional.
Closes gh-24372
Prior to this commit, MockHttpServletResponse's setCharacterEncoding()
method did not update the contentType property, which violates the
Servlet 2.4 Javadoc for getContentType() and setCharacterEncoding().
This commit addresses this issue; however, some existing tests may have
to be updated as a result of this change.
For example, note how some of the tests in this commit have been
refactored to use MediaType##isCompatibleWith() instead of asserting
exact matches for the value returned by MockHttpServletResponse's
getContentType() method.
Closes gh-25536
Prior to this commit, calling reset() on MockHttpServletResponse did not
reset the `charset` field to `false` which could result in the
"Content-Type" header containing `;charset=null` which in turn would
result in errors when parsing the "Content-Type" header.
This commit resets the charset field to `false` in
MockHttpServletResponse's reset() method to avoid such errors.
Closes gh-25501
Since reactor/reactor-netty#739, the `reactor-netty` module is now split
into two: `reactor-netty-core` and `reactor-netty-http`.
This commit updates the Spring Framework build accordingly.
- The compiler is configured to retain compatibility with Kotlin 1.3.
- Explicit API mode is not yet enabled but could be in the future.
- Some exceptions thrown by Kotlin have changed to NullPointerException,
see https://youtrack.jetbrains.com/issue/KT-22275 for more details.
Closes gh-24171
Prior to this commit, if the user supplied a comma-separated list such
as "en, it" as the Content-Language header value to
MockHttpServletResponse's setHeader() method, only the first language
was actually set in the response's Content-Language header (e.g., "en").
This commit ensures that all supplied content languages are set in the
response's Content-Language header.
Closes gh-25281
Because of security and broader industry support, support for several
remoting technologies is now deprecated and scheduled for removal in
Spring Framework 6.0.
This commit deprecates the following remoting technologies:
* HTTPInvoker
* RMI
* Hessian
* JMS remoting
Other remoting technologies like EJB or JAXWS might be deprecated in the
future depending on industry support.
Closes gh-25379
This commit makes sure that the StringHttpMessageConverter reads
input with "application/*+json" as Content-Type with the UTF-8
character set.
Closes gh-25328
This commit introduces support for writing JSON with an US-ASCII
character encoding in the Jackson encoder and message converter,
treating it like UTF-8.
See gh-25322
PR gh-358 introduced a "scheme but no host" check in the fromHttpUrl()
method in UriComponentsBuilder, but a similar check was not added to
fromUriString() at that time.
This commit introduces a "scheme but no host" check in fromUriString()
to align with the functionality in fromHttpUrl().
Note, however that the regular expressions used to match against the
hostname or IP address are inexact and still permit invalid host names
or IP addresses. True validation of the host portion of the URI is out
of scope for this commit.
Closes gh-25334
Prior to this commit, UriComponentsBuilder.fromHttpUrl() threw an
IllegalArgumentException if the provided URL contained a fragment.
This commit aligns the implementation of fromHttpUrl() with that of
fromUriString(), by parsing a fragment and storing it in the builder.
Closes gh-25300
Using @SafeVarargs in Jackson mapper builder and factory bean classes
allows the varargs methods to be used without a compiler warning. The
implementations of these methods do not perform unsafe operations on
their varargs parameter. It is therefore safe to add this annotation.
The following two methods are changed:
- add @SafeVarargs to Jackson2ObjectMapperBuilder#modulesToInstall
and make it final
- add @SafeVarargs to
Jackson2ObjectMapperFactoryBean#setModulesToInstall and make it final
This is a backwards incompatible change as these methods now have to be
declared final. Existing subclasses that override one of these methods
will break.
Closes gh-25311
This commit removes the UndertowDataBuffer, in favor of using regular
DataBuffers from the DataBufferFactory. During the development of the
DefaultPartHttpMessageReader, it was determined that invoking various
slicing and releasing operators on the UndertowDataBuffer resulted in
memory leaks. This commit fixes that.
This commit introduces the DefaultMultipartMessageReader, a fully
reactive multipart parser without third party dependencies.
An earlier version of this code was introduced in fb642ce, but removed
again in 77c24aa because of buffering issues.
Closes gh-21659
This commit fixes a recent regression as a result of 5225a57411
with the determination of non-pattern vs pattern URLs. That in turn affects the ability to perform
direct matches by URL path.
There is also a fix in PathPattern to recognize "catch-all" patterns as pattern syntax.
See gh-24945
The following was reported after the change and is related to it:
https://github.com/reactor/reactor-netty/issues/1170. An HTTP HEAD with the body
not consumed. Connection is disposed and closed leading to subsequent request to
fail. Adding toBodilessEntity() helps.
This change does not close the connection but rather drains the body which does
not impact subsequent re-use of the connection. This however may compete with a
late subscriber actually attempting to read the response. At that point there is
little choice but to raise an ISE with a more specific description.
See gh-25216
This commit ensures that when mutating `ServerHttpRequest` instances,
the original contextPath information is copied to the request being
built.
Note that mutation on the `contextPath(String)` or `path(String)` should
be reflected to the other. (See their Javadoc for more information).
Fixes gh-25279
With this commit it is no longer assumed that all charset names in the
JsonEncoding can be resolved by Charset.forName. Instead, we store the
charset name itself, rather than the Charset object.
Prior to this commit, the `SslInfo` would be missing for WebFlux apps
when deployed on Reactor Netty with http/2.
This commit ensures that the request adapter checks the current channel
and the parent channel for the presence of the `SslHander`.
In the case of http/2, the `SslHander` is tied to the parent channel.
Fixes gh-25278
This commit introduces a spring.xml.ignore system property
which when set to true avoid initializing XML infrastructure.
A typical use case is optimizing GraalVM native image footprint
for applications not using XML. In order to be effective, those
classes should be initialized at build time:
- org.springframework.util.DefaultPropertiesPersister
- org.springframework.core.io.support.PropertiesLoaderUtils
- org.springframework.web.servlet.function.support.RouterFunctionMapping
- org.springframework.web.client.RestTemplate
- org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver
- org.springframework.web.servlet.config.annotation.WebMvcConfigurationSupport
- org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter
- org.springframework.http.converter.support.AllEncompassingFormHttpMessageConverter
- org.springframework.http.codec.support.BaseDefaultCodecs
- org.springframework.beans.PropertyEditorRegistrySupport
Closes gh-25151
Prior to this commit, the Forwarded headers for Spring MVC and Spring
WebFlux did not support multiple prefix values for the
`"X-Forwarded-Prefix"` HTTP header.
This commit splits and processes multiple prefixes defined in the
dedicated header.
Closes gh-25254
- The compiler is configured to retain compatibility with Kotlin 1.3.
- Explicit API mode is not yet enabled but could be in the future.
- A workaround for Gradle build is required for now, see
https://youtrack.jetbrains.com/issue/KT-39610 for more details.
- Some exceptions thrown by Kotlin have changed to NullPointerException,
see https://youtrack.jetbrains.com/issue/KT-22275 for more details.
Closes gh-24171
This commit makes sure that Jackson-based message converters and
decoders can deal with non-unicode input. It does so by reading
non-unicode input messages with a InputStreamReader.
This commit also adds additional tests forthe canRead/canWrite methods
on both codecs and message converters.
Closes: gh-25247
Prior to this commit, Jaxb2XmlDecoder and XmlEventDecoder threw
XMLStreamExceptions instead of DecodingExceptions (as the Decoder
contract defines).
This commit resolves this issue.
Closes: gh-24778
Before this commit, Jackson2CodecSupport and subclasses
did not check media type encoding in the supportsMimeType
method (called from canEncode/canDecode).
As a result, the encoder reported that it can write
(for instance) "application/json;charset=ISO-8859-1", but in practice
wrote the default charset (UTF-8).
This commit fixes that bug.
Closes: gh-25076
Before this commit, AbstractJackson2HttpMessageConverter and subclasses
did not check media type encoding in the canRead and canWrite
methods. As a result, the converter reported that it can write
(for instance) "application/json;charset=ISO-8859-1", but in practice
wrote the default charset (UTF-8).
This commit fixes that bug.
See: gh-25076
Before this commit, Jackson2CodecSupport and subclasses
did not check media type encoding in the supportsMimeType
method (called from canEncode/canDecode).
As a result, the encoder reported that it can write
(for instance) "application/json;charset=ISO-8859-1", but in practice
wrote the default charset (UTF-8).
This commit fixes that bug.
Closes: gh-25076
Before this commit, AbstractJackson2HttpMessageConverter and subclasses
did not check media type encoding in the canRead and canWrite
methods. As a result, the converter reported that it can write
(for instance) "application/json;charset=ISO-8859-1", but in practice
wrote the default charset (UTF-8).
This commit fixes that bug.
See: gh-25076
Prior to this commit, ExchangeStrategies custom codec's reader and
writer were not registered due to a bug in BaseCodecConfigurer.
This commit fixes this by correcting the implementation of the
DefaultCustomCodecs constructor used within BaseCodecConfigurer.
Closes gh-25149
With a recent upgrade to an early access build for JDK 15,
ServerHttpsRequestIntegrationTests began failing since Netty's
SelfSignedCertificate could not be properly initialized.
This commit adds a test fixture dependency on BouncyCastle which is now
needed by Netty's SelfSignedCertificate on JDK 15 or higher, since JDK 15
no longer supports the javax.security.cert.X509Certificate.
See: https://bugs.openjdk.java.net/browse/JDK-8241039
In many places UrlPathHelper is created and used without any
customizations, in some cases repeatedly. This commit adds a
shared read-only UrlPathHelper instance with default settings.
See gh-25100
Prior to this commit (and the previous one), the `AntPathStringMatcher`
(inner class of `AntPathmatcher`) would compile `Pattern` instances and
use regex matching even for static patterns such as `"/home"`.
This change introduces a shortcut in the string matcher algorithm to
skip the `Pattern` creation and uses `String` equality instead.
Static patterns are quite common in applications and this change can
bring performance improvements, depending on the mix of patterns
configured in the web application.
In benchmarks (added with this commit), we're seeing +20% throughput
and -40% allocation. This of course can vary depending on the number of
static patterns configured in the application.
Closes gh-24887
Prior to this commit, `MediaType.parseMediaType` would already rely on
the internal LRU cache in `MimeTypeUtils` for better performance. With
that optimization, the parsing of raw media types is skipped for cached
elements.
But still, `MediaType.parseMediaType` would first get a cached
`MimeType` instance from that cache and then instantiate a
`new MediaType(type, subtype, parameters)`. This constructor not only
replays the `MimeType` checks on type/subtyme tokens and parameters, but
it also performs `MediaType`-specific checks on parameters.
Such checks are not required, as we're using an existing `MimeType`
instance in the first place.
This commit adds a new protected copy constructor (skipping checks) in
`MimeType` and uses it in `MediaType.parseMediaType` as a result.
This yields interesting performance improvements, with +400% throughput
and -40% allocation/call in benchmarks. This commit also introduces a
new JMH benchmark for future optimization work.
Closes gh-24769
This commit avoids invoking StringBuilder.append(Object) in favor
of explicit method calls to append(String) and append(char) in
ContentDisposition.escapeQuotationsInFilename(String).
Closes gh-25056
Prior to this commit, patterns like `"/path/**/other"` would be treated
as `"/path/*/other"` (single wildcard, i.e. matching zero to many chars
within a path segment). This will not match multiple segments, as
expected by `AntPathMatcher` users or by `PathPatternParser` users when
in patterns like `"/resource/**"`.
This commit now rejects patterns like `"/path/**/other"` as invalid.
This behavior was previously warned against since gh-24958.
Closes gh-24952
When mutating a ServerHttpRequest or ClientResponse, the respective
builders no longer access cookies automatically which causes them to
be parsed and does so only if necessary. Likewise re-applying the
read-only HttpHeaders wrapper is avoided.
See gh-24680
Native server request headers have been wrapped rather than copied
since 5.1. This commit applies the same change to the client side
where, to make matters worse, headers were copied repeatedly on every
access, see also previous commit ca897b95.
For Netty and Jetty the wrappers are the same as on the server side
but duplicated in order to remain package private.
See gh-24680
This commit introduces a test suite for ClientHttpConnector
implementations, as well as fixes that resolve issues identified by
these tests.
Closes gh-24941
As of gh-24952, `PathPatternParser` will strictly reject patterns with
`"**"` in the middle of them. `"**"` is only allowed at the end of the
pattern for matching multiple path segments until the end of the path.
Currently, if `"**"` is used in the middle of a pattern it will be
considered as a single `"*"` instead. Rejecting such cases should
clarify the situation.
This commit prepares for that upcoming change and:
* logs a warning message if such a case is used by an application
* expands the MVC and WebFlux documentation about URI matching in
general
Closes gh-24958
Spring Framework 5.2.2 introduced a regression in
DefaultResponseErrorHandler.handleError(ClientHttpResponse)
Specifically, for use cases where the InputStream had already been
consumed by the first invocation of getResponseBody(), the second
invocation of getResponseBody() resulted in the response body being
absent in the created UnknownHttpStatusCodeException.
This commit fixes this by invoking getResponseBody() only once in
DefaultResponseErrorHandler.handleError(ClientHttpReponse) in order to
reuse the retrieved response body for creating the exception message
and as a separate argument to the UnknownHttpStatusCodeException
constructor.
Closes gh-24595
This commit adds two new properties to the `ReactorResourceFactory`.
This allows to configure the quiet and timeout periods when shutting
down Reactor resources. While we'll retain Reactor Netty's default for
production use, this option is useful for tests and developement
environments when developers want to avoid long waiting times when
shutting down resources.
Fixes gh-24538
Jackson's asynchronous parser does not support any encoding except UTF-8
(or ASCII). This commit converts non-UTF-8/ASCII encoded JSON to UTF-8.
Closes gh-24489
This commit makes the Jackson2Tokenizer enable
TokenBuffer.forceUseOfBigDecimal if the element type given to the
Decoder is BigDecimal. Previous to this commit, values would be
converted to floats.
Closes gh-24479
After this commit, Jackson2Tokenizer honours ObjectMapper's
DeserializationFeature.USE_BIG_DECIMAL_FOR_FLOATS feature when creating
TokenBuffers.
Closes gh-24479
We used ConnectionProvider#elastic only to customize the name. Now that
Reactor Netty's TcpResources itself uses fixed 500 by default, we
update to have the same value which would apply when global resources
are not used.
Closes gh-24424
This commit deprecates PathExtensionContentNegotiationStrategy and
ServletPathExtensionContentNegotiationStrategy and also updates code
that depends on them internally to remove that dependence.
See gh-24179
ContentNegotiationManagerFactoryBean now ensures that
ContentNegotiationManager contains the MediaType mappings even if the
path extension and the parameter strategies are off.
There are also minor fixes to ensure the media type mappings in
ContentNegotiationManagerFactoryBean aren't polluted when mapping keys
are not lowercase, and likewise MappingMediaTypeFileExtensionResolver
filters out duplicates in the list of all file extensions.
See gh-24179
Before this commit, the AbstractJackson2Encoder instantiated a
ObjectWriter per value. This is not an issue for single values or
non-streaming scenarios (which effectively are the same, because in the
latter values are collected into a list until offered to Jackson).
However, this does create a problem for SMILE, because it allows for
shared references that do not match up when writing each value with a
new ObjectWriter, resulting in errors parsing the result.
This commit uses Jackson's SequenceWriter for streaming scenarios,
allowing Jackson to reuse the same context for writing multiple values,
fixing the issue described above.
Closes gh-24198
As of gh-21783, Spring WebFlux uses a `TomcatHeadersAdapter`
implementation to directly address the native headers used by the
server.
In the case of Tomcat, "Content-Length" and "Content-Type" headers are
processed separately and should not be added to the native headers map.
This commit improves the `HandlerAdapter` implementation for Tomcat and
removes those headers, if previously set in the map. The adapter
already has a section that handles the Tomcat-specific calls for such
headers.
Fixes gh-24361
This commit updates CORS support in order to check Origin header
in CorsUtils#isPreFlightRequest which does not change how Spring
MVC or WebFlux process CORS request but is more correct in term
of behavior since it is a public API potentially used in another
contexts.
It also removes an unnecessary check in
AbstractHandlerMethodMapping#hasCorsConfigurationSource and processes
every preflight request with PreFlightHandler.
Closes gh-24327
Prior to this commit, when WebFlux handlers added `"Content-*"` response
headers and an error happened while handling the request, all those
headers would not be cleared from the response before error handling.
This commit clears those headers from the response in two places:
* when invoking the handler and adapting the response
* when writing the response body
Not removing those headers might break HTTP clients since they're given
wrong information about how to interpret the HTTP response body: the
error response body might be very different from the original one.
Fixes gh-24238
k3v1n
Rossen Stoyanchev
Johnny Lim
Sam Brannen
Juergen Hoeller
Stephane Nicoll
Phillip Webb
Sébastien Deleuze
Christophe Maillard
ascopes
Yusuke Yamamoto
Toshiaki Maki
fengyuanwei
Gediminas Rimša
Arjen Poutsma
Brian Clozel
VonUniGE
Сергей Цыпанов
Marten Deinum
Nick Hitchan
Riley Park
Robin Roos
Rostislav Svoboda
Nico Heller
Andreas Ahlenstorf
Stephane Nicoll
XenoAmess
Yanming Zhou
Rossen Stoyanchev
Ruslan Akhundov
May
Philippe Marschall
Kamil Szymanski
Undefined
Kirill Serebrennikov
GardenLee
Mihai Dumitrescu
dlsrb6342
Juergen Hoeller
Brian Clozel
Sam Brannen
Parviz ROzikov
martin-tarjanyi
Deycoesr
Sam Brannen
Oliver Degener
Sébastien Deleuze
Lars Grefer
Gurps Bassi
陈其苗
Andrew Woodbury
Adrian Cole
ZhangT
Robert Gründler
Hyunjin Choi
Oleh Faizulin