ServletWebRequest.checkNotModified() methods should treat HEAD identically to GET [SPR-11317]

[spring-projects-issues]

Markus Malkusch opened SPR-11317 and commented

ServletWebRequest.checkNotModified() methods don't treat a HEAD request identically to a GET request (in fact they don't consider HEAD at all).

HTTP says:

The HEAD method is identical to GET except that the server MUST NOT
return a message-body in the response. The metainformation contained
in the HTTP headers in response to a HEAD request SHOULD be identical
to the information sent in response to a GET request.

Spring's reference documentation suggests to call WebRequest.checkNotModified() to set the status code to 304:

calling request.checkNotModified(lastModified) and returning null. The
former sets the response status to 304

As a consequence of the current implementation, applications which follow that recommendation violate against HTTP. In simple words: I had some fun debugging my application for a missing 304 status code while firing HEAD requests with wget --server-response --spider on it.

I suggest to respect HEAD in the mentioned methods identically to GET.

For test case and fix see #440

---

Affects: 3.2.6, 4.0 GA

Reference URL: #440

Backported to: 3.2.7

[spring-projects-issues]

Juergen Hoeller commented

Good catch! Fixed for 4.0.1 and 3.2.7 now.

Juergen