You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I ran into a problem where one of my Gateway Filter which filters an exchange response throws an exception.
There was a header Content-Encoding: gzip in the response and this header (along with the rest) was forwarded to error response headers. But the ServerResponse body was written as JSON (error attributes) and wasn't zipped therefore a server response is incorrect.
I suggest clearing all headers in an exchange's response in order to fix that and similar header problems.
Currently AbstractErrorWebExceptionHandler just overwrites Content-Type header of the response:
private Mono<? extends Void> write(ServerWebExchange exchange, ServerResponse response) {
// force content-type since writeTo won't overwrite response header values
exchange.getResponse().getHeaders().setContentType(response.headers().getContentType());
return response.writeTo(exchange, new ResponseContext());
}
which can be replaced with exchange.getResponse().getHeaders().clear();
The text was updated successfully, but these errors were encountered:
timsazon
changed the title
AbstractErrorWebExceptionHandler should not keeps exchange response headers in an error response
AbstractErrorWebExceptionHandler should not keep exchange response headers in an error response
Dec 13, 2019
Clearing all response headers is a bit harsh, as we might remove security-related headers.
When handling errors we must clear assumptions about the response body, so both Content-Type and Content-Encoding seem reasonable.
Maybe clearing all response headers makes sense from a Spring Cloud Gateway perspective, but in this case it should be handled there.
I'm closing this issue in favour of #19372 - I'll ask you to amend it there.
Thanks!
bclozel
changed the title
AbstractErrorWebExceptionHandler should not keep exchange response headers in an error response
AbstractErrorWebExceptionHandler keeps original Content-Encoding response header
Dec 16, 2019
I ran into a problem where one of my Gateway Filter which filters an exchange response throws an exception.
There was a header
Content-Encoding: gzip
in the response and this header (along with the rest) was forwarded to error response headers. But theServerResponse
body was written as JSON (error attributes) and wasn't zipped therefore a server response is incorrect.I suggest clearing all headers in an exchange's response in order to fix that and similar header problems.
Currently
AbstractErrorWebExceptionHandler
just overwritesContent-Type
header of the response:which can be replaced with
exchange.getResponse().getHeaders().clear();
The text was updated successfully, but these errors were encountered: