ResourceHttpMessageWriter.write has unexpected error handling for invalid range requests (offset > content length) #35536
Description
Affected version: spring-web-6.2.11
When requesting a resource that has a content length of 1000 bytes (and the server supports ranges in bytes)
using a range header Range: bytes=2000-5000
ends up in a 500 due to
java.lang.IllegalArgumentException: 'position' exceeds the resource length 1000
thrown in HttpRange.toResourceRegions(ranges, resource).
It should end up in a 416 (HttpStatus.REQUESTED_RANGE_NOT_SATISFIABLE) which is expected eg.
https://developer.mozilla.org/de/docs/Web/HTTP/Reference/Status/416
Most likely it's good enough to just move the List regions calculation a bit up in code:
@Override
public Mono<Void> write(Publisher<? extends Resource> inputStream, @Nullable ResolvableType actualType,
ResolvableType elementType, @Nullable MediaType mediaType, ServerHttpRequest request,
ServerHttpResponse response, Map<String, Object> hints) {
HttpHeaders headers = response.getHeaders();
headers.set(HttpHeaders.ACCEPT_RANGES, "bytes");
List<HttpRange> ranges;
try {
ranges = request.getHeaders().getRange();
// <---- HttpRange.toResourceRegions(...) ?!
}
catch (IllegalArgumentException ex) {
response.setStatusCode(HttpStatus.REQUESTED_RANGE_NOT_SATISFIABLE);
return response.setComplete();
}
return Mono.from(inputStream).flatMap(resource -> {
if (ranges.isEmpty()) {
return writeResource(resource, elementType, mediaType, response, hints);
}
response.setStatusCode(HttpStatus.PARTIAL_CONTENT);
List<ResourceRegion> regions = HttpRange.toResourceRegions(ranges, resource); // <----