Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HeaderContentNegotiationStrategy does not support multiple Accept headers [SPR-14506] #19075

spring-projects-issues opened this issue Jul 22, 2016 · 1 comment


Copy link

@spring-projects-issues spring-projects-issues commented Jul 22, 2016

Michael Mansell opened SPR-14506 and commented

There are two ways to provide multiple values for a given HTTP header.

Accept: text/plain, application/json


Accept: text/plain
Accept: application/json

The default strategy for parsing the Accept header exists in org.springframework.web.accept.HeaderContentNegotiationStrategy.

This code currently uses request.getHeader("Accept"), which only returns the 'first' Accept header if there are multiple headers (ie. the second case).

This means that ONLY the first way works. The second way does not work (it simply returns the result of the first header instead of the complete set).

The code should be using request.getHeaders("Accept") and looping through each. NOTE: The code still needs to parse out the comma separated list, since it is possible to have both at the same time.

Affects: 4.3.1

Issue Links:

  • #14289 HttpHeaders.getAccept() does not return all accept headers for Iplanet WebServer 7
  • #19202 Consistent comma splitting without regex overhead (e.g. in MediaType/MimeType)
Copy link
Collaborator Author

@spring-projects-issues spring-projects-issues commented Jul 22, 2016

Juergen Hoeller commented

We partially handled this before in #14289 but just in HttpHeaders.getAccept() and only in case of the first Accept header value not being comma-separated. I've revised this towards general consideration of any number of Accept header values, with any of them comma-separated, both in HttpHeaders and in HeaderContentNegotationStrategy.

However, since it seems to be very unusual to explicitly send multiple Accept headers (note that #14289 primarily dealt with parsing exposure in specific Servlet containers), I consider this an improvement rather than a bug. And since the web framework's behavior may subtly change in such scenarios now, I'm only backporting this to 4.3.2 but not any further.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants