Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HttpHeaders should accept empty Content-Type header [SPR-12173] #16787

Closed
spring-projects-issues opened this issue Sep 10, 2014 · 5 comments
Closed
Assignees
Labels
in: web status: backported type: enhancement
Milestone

Comments

@spring-projects-issues
Copy link
Collaborator

@spring-projects-issues spring-projects-issues commented Sep 10, 2014

Oliver Otzen opened SPR-12173 and commented

If a client is sending a POST message with an empty header 'Content-Type' the request fails with a IllegalArgumentException.
In HttpHeaders Line 305 only null values will be checked, but not empty values.
In the RFC 7231 it is not explicitly forbidden to send an empty 'Content-Type'-header field.
http://tools.ietf.org/html/rfc7231#section-3.1.1.5

Caused by: java.lang.IllegalArgumentException: 'mediaType' must not be empty
	at org.springframework.util.Assert.hasLength(Assert.java:136)
	at org.springframework.http.MediaType.parseMediaType(MediaType.java:688)
	at org.springframework.http.HttpHeaders.getContentType(HttpHeaders.java:305)
	at org.springframework.http.server.ServletServerHttpRequest.getHeaders(ServletServerHttpRequest.java:106)
	at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter$ServletHandlerMethodInvoker.writeWithMessageConverters(AnnotationMethodHandlerAdapter.java:1026)
	at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter$ServletHandlerMethodInvoker.handleHttpEntityResponse(AnnotationMethodHandlerAdapter.java:1014)
	at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter$ServletHandlerMethodInvoker.getModelAndView(AnnotationMethodHandlerAdapter.java:940)
	at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:441)
	at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:428)
	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:925)
	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:856)
	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:936)

Example POST from chrome browser:

POST /fileUpload HTTP/1.1
Host: www.example.org
Connection: keep-alive
Content-Length: 393
Origin: http://www.example.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36
filename: YXBpLWRvY3M=
Content-Type:
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4


Affects: 3.2.4

Issue Links:

  • #16810 Spring HTTP clients do not enforce RFC 6265 (cookies in a single header)
  • #18881 Spring Web should process requests with empty/invalid mime type

Referenced from: commits d501137, a1c0905, 4ab27d8, 44c52a9, 70412a9, afb0342

Backported to: 4.0.8, 3.2.12

3 votes, 4 watchers

@spring-projects-issues
Copy link
Collaborator Author

@spring-projects-issues spring-projects-issues commented Sep 16, 2014

Juergen Hoeller commented

This is available in the latest 4.1.1 and 4.0.8 snapshots now. It would be great if you could it a try... We intend to backport this to 3.2.12 as well but we'd like to verify the fix first.

Juergen

@spring-projects-issues
Copy link
Collaborator Author

@spring-projects-issues spring-projects-issues commented Oct 14, 2014

Oliver Otzen commented

Hello Juergen,

Thanks for working in this issuse.

I have tested it with Spring version 4.1.1.RELEASE and 4.1.2.BUILD-SNAPSHOT without success.
I get the following stacktrace:

org.springframework.http.InvalidMediaTypeException: Invalid mime type "": 'mimeType' must not be empty
	org.springframework.http.MediaType.parseMediaType(MediaType.java:370)
	org.springframework.http.server.ServletServerHttpRequest.getHeaders(ServletServerHttpRequest.java:115)
	org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter$ServletHandlerMethodInvoker.writeWithMessageConverters
...

My tiny test project is pushed on github: https://github.com/ollio/spring-content-type-test.
I have used REST Console to force a POST with empty Content-Type header field.

Thanks Oliver

@spring-projects-issues
Copy link
Collaborator Author

@spring-projects-issues spring-projects-issues commented Oct 14, 2014

Juergen Hoeller commented

Indeed, there turns out to be another check for the Content-Type header where we're falling into a similar trap. Fixed now, to be available in the upcoming 4.1.2 snapshot and in 4.0.8 and 3.2.12 snapshots later this week.

Juergen

@spring-projects-issues
Copy link
Collaborator Author

@spring-projects-issues spring-projects-issues commented Oct 15, 2014

Oliver Otzen commented

Now it works fine, I get an empty Content-Type when I use the @RequestHeader attribute in my controller.

Thanks Oliver

@spring-projects-issues
Copy link
Collaborator Author

@spring-projects-issues spring-projects-issues commented Oct 22, 2014

Juergen Hoeller commented

FYI, this is available in the latest 4.0.8 and 3.2.12 snapshots as well now. Both are scheduled for release on October 30th, along with 4.1.2.

Juergen

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
in: web status: backported type: enhancement
Projects
None yet
Development

No branches or pull requests

2 participants