Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CookieLocaleResolver may disturb error rendering when locale cookie has a malformed value [SPR-15182] #19748

Closed
spring-projects-issues opened this issue Jan 24, 2017 · 2 comments
Closed

CookieLocaleResolver may disturb error rendering when locale cookie has a malformed value [SPR-15182] #19748

spring-projects-issues opened this issue Jan 24, 2017 · 2 comments
Assignees
@jhoeller
Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) type: enhancement A general enhancement
Milestone
4.3.6

Comments

@spring-projects-issues
Copy link
Collaborator

spring-projects-issues commented Jan 24, 2017
edited
Loading

Andy Wilkinson opened SPR-15182 and commented

This issue is on a similar theme to #19744 and #19745.

DispatcherServlet calls its LocaleResolver as part of an error dispatch. If a CookieLocaleResolver is configured and the locale cookie is malformed, this leads to an exception being thrown during error processing which disturbs error rendering.

A workaround is to override resolveLocaleContext(HttpServletRequest) and skip parsing the cookie's value when it's an error dispatch:

@Override
public LocaleContext resolveLocaleContext(HttpServletRequest request) {
    if (request.getAttribute(WebUtils.ERROR_EXCEPTION_ATTRIBUTE) != null) {
        return new TimeZoneAwareLocaleContext() {
            @Override
            public Locale getLocale() {
                return (Locale) request.getAttribute(LOCALE_REQUEST_ATTRIBUTE_NAME);
            }
            @Override
            public TimeZone getTimeZone() {
                return (TimeZone) request.getAttribute(TIME_ZONE_REQUEST_ATTRIBUTE_NAME);
            }
        };
    }
    return super.resolveLocaleContext(request);
}

Affects: 4.3.5

Reference URL: spring-projects/spring-boot#8075

Issue Links:

Referenced from: commits e8776f8, b97e7d5
@spring-projects-issues
Copy link
Collaborator Author

Juergen Hoeller commented

I guess we could also defensively try to parse the cookies, swallowing an IllegalArgumentException in case of an error dispatch. And when propagated, I'd like to turn the util-level IllegalArgumentException into something more meaningful at the dispatcher level.

@spring-projects-issues
Copy link
Collaborator Author

Juergen Hoeller commented

We're swallowing parse exceptions in an error dispatch now, and otherwise turn them into an IllegalStateException containing the cookie name and value etc.

@spring-projects-issues spring-projects-issues added type: enhancement A general enhancement in: web Issues in web modules (web, webmvc, webflux, websocket) labels Jan 11, 2019
@spring-projects-issues spring-projects-issues added this to the 4.3.6 milestone Jan 11, 2019
This was referenced Jan 11, 2019
Closed
Closed
Closed
@darioseidl darioseidl mentioned this issue Apr 30, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jhoeller jhoeller

Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) type: enhancement A general enhancement
Projects
None yet
Milestone
4.3.6
Development

No branches or pull requests
2 participants
@jhoeller @spring-projects-issues