HeaderContentNegotiationStrategy does not support multiple Accept headers [SPR-14506] #19075
There are two ways to provide multiple values for a given HTTP header.
Accept: text/plain, application/json
The default strategy for parsing the Accept header exists in org.springframework.web.accept.HeaderContentNegotiationStrategy.
This code currently uses request.getHeader("Accept"), which only returns the 'first' Accept header if there are multiple headers (ie. the second case).
This means that ONLY the first way works. The second way does not work (it simply returns the result of the first header instead of the complete set).
The code should be using request.getHeaders("Accept") and looping through each. NOTE: The code still needs to parse out the comma separated list, since it is possible to have both at the same time.
The text was updated successfully, but these errors were encountered:
Juergen Hoeller commented
We partially handled this before in #14289 but just in
However, since it seems to be very unusual to explicitly send multiple Accept headers (note that #14289 primarily dealt with parsing exposure in specific Servlet containers), I consider this an improvement rather than a bug. And since the web framework's behavior may subtly change in such scenarios now, I'm only backporting this to 4.3.2 but not any further.