Merge pull request #4019 from jamezp/RESTEASY-3205

[RESTEASY-3205] Change Content-Type to text/plain for Security filter
resteasy · Feb 7, 2024 · b8a50f6 · b8a50f6
2 parents 5e1680e + bb97b08
commit b8a50f6
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/...y-core/src/main/java/org/jboss/resteasy/plugins/interceptors/RoleBasedSecurityFilter.java b/...y-core/src/main/java/org/jboss/resteasy/plugins/interceptors/RoleBasedSecurityFilter.java
@@ -44,7 +44,7 @@ public void filter(ContainerRequestContext requestContext) throws IOException {
                         return;
                 }
                 throw new ForbiddenException(Response.status(403).entity("Access forbidden: role not allowed")
-                        .type("text/html;charset=UTF-8").build());
+                        .type("text/plain;charset=UTF-8").build());
             }
         }
         return;

diff --git a/...suite/integration-tests/src/test/java/org/jboss/resteasy/test/security/BasicAuthTest.java b/...suite/integration-tests/src/test/java/org/jboss/resteasy/test/security/BasicAuthTest.java
@@ -273,7 +273,7 @@ public void testAccesForbiddenMessage() throws Exception {
     public void testContentTypeWithForbiddenMessage() {
         Response response = unauthorizedClient.target(generateURL("/secured/denyWithContentType")).request().get();
         Assert.assertEquals(HttpResponseCodes.SC_FORBIDDEN, response.getStatus());
-        Assert.assertEquals("Incorrect Content-type header", "text/html;charset=UTF-8",
+        Assert.assertEquals("Incorrect Content-type header", "text/plain;charset=UTF-8",
                 response.getHeaderString("Content-type"));
         Assert.assertEquals("Missing forbidden message in the response", ACCESS_FORBIDDEN_MESSAGE,
                 response.readEntity(String.class));