Prior to this commit, the `DispatcherServlet` would try and reset the
response buffer in case of errors, if the response is not committed
already. This allows for more flexible error handling, even if the
response was being handled already when it errored.
Resetting the response buffer clears the body but leaves HTTP response
headers intact. This is done on purpose as to not clear headers
previously added by Servlet Filters. By leaving in place some headers
like "Content-Type", this does not take into account the fact that the
response body was cleared and that error handling will perform another
round of content negotiation. While this isn't a problem for some
Servlet containers which enforce a single "Content-Type" header value,
this can cause multiple/duplicate values for some others.
This commit ensures that the "Content-Type" response header is removed
at the same time as we clear the "producible media types" attribute:
another pass of content negotiation will be performed for error
handling.
Fixes gh-34366
In order to avoid Gradle build warnings about @SuppressFBWarnings, this
commit introduces a testCompileOnly dependency on `findbugs` in the
spring-webmvc module so that the class file for @SuppressFBWarnings is
available to the compileTestJava task.
Closes gh-34418
Prior to this commit, Spring MVC and WebFlux would consider the
"kotlinx.serialization" JSON codecs and converters in addition to other
JSON alternatives like Jackson, Gson and Jsonb.
This would cause issues because while in most cases this library is only
involved if the type is annotated with "@Serializable", this is not true
for Java enums. In this particular case, the codec shadows Jackson and
causes issues.
This commit now considers kotlinx.serialization JSON support as an
alternative to Jackson. Just like Jsonb and GSON, this is only
auto-detected if Jackson is not present.
We received consistent feedback that kotlinx.serialization is popular in
Kotlin libraries and is often a transitive dependency. As a result, we
cannot consider its presence on the classpath as a strong enough signal
to configure it by default.
Closes gh-34410
Prior to this commit, several common HTTP headers were ignored from the
data binding process when collecting property values, in gh-34039 and
gh-34182.
This commit completes the initial enhancement by ensuring that the
default header predicate is also considering cases where constructor
binding is applied and the Java type has a lowercase variant of the HTTP
header name to filter.
Fixes gh-34292
This test was already ignored as of Java 21 because of a Java behavior
change, and now it started failing as of 17.0.14.
This commit removes the test entirely.
This commit ensures that checks for PathResource locations are skipped
because this resource implementation will always resolve under the
current location.
Closes gh-34167
Prior to this commit, HTTP request data binding had been improved to
filter out by default the "Priority" header in #34039.
This commit extends the set of filtered header names with:
"Accept", "Authorization", "Connection", "Cookie", "From", "Host",
"Origin", "Priority", "Range", "Referer", "Upgrade".
If an application wishes to let those header be bound, it will need to
configure the binder and replace the default header predicate by calling
`setHeaderPredicate`.
Closes gh-34182
rstoyanchev
Brian Clozel
Sébastien Deleuze
Sam Brannen
Johnny Lim
Stéphane Nicoll
Mengqi Xu
Sébastien Deleuze
Simon Baslé