Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AbstractErrorWebExceptionHandler keeps original Content-Encoding response header #19371

Closed
timsazon opened this issue Dec 13, 2019 · 1 comment
Closed

AbstractErrorWebExceptionHandler keeps original Content-Encoding response header #19371

timsazon opened this issue Dec 13, 2019 · 1 comment
Labels
status: superseded An issue that has been superseded by another type: bug A general bug

Comments

@timsazon
Copy link

I ran into a problem where one of my Gateway Filter which filters an exchange response throws an exception.
There was a header Content-Encoding: gzip in the response and this header (along with the rest) was forwarded to error response headers. But the ServerResponse body was written as JSON (error attributes) and wasn't zipped therefore a server response is incorrect.

I suggest clearing all headers in an exchange's response in order to fix that and similar header problems.

Currently AbstractErrorWebExceptionHandler just overwrites Content-Type header of the response:

private Mono<? extends Void> write(ServerWebExchange exchange, ServerResponse response) {
	// force content-type since writeTo won't overwrite response header values
	exchange.getResponse().getHeaders().setContentType(response.headers().getContentType());
	return response.writeTo(exchange, new ResponseContext());
}

which can be replaced with
exchange.getResponse().getHeaders().clear();
@timsazon timsazon changed the title AbstractErrorWebExceptionHandler should not keeps exchange response headers in an error response AbstractErrorWebExceptionHandler should not keep exchange response headers in an error response Dec 13, 2019
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Dec 13, 2019
@timsazon timsazon mentioned this issue Dec 13, 2019
Closed
@bclozel
Copy link
Member

bclozel commented Dec 16, 2019

Clearing all response headers is a bit harsh, as we might remove security-related headers.
When handling errors we must clear assumptions about the response body, so both Content-Type and Content-Encoding seem reasonable.
Maybe clearing all response headers makes sense from a Spring Cloud Gateway perspective, but in this case it should be handled there.
I'm closing this issue in favour of #19372 - I'll ask you to amend it there.
Thanks!

@bclozel bclozel closed this as completed Dec 16, 2019
@bclozel bclozel added status: superseded An issue that has been superseded by another type: bug A general bug and removed status: waiting-for-triage An issue we've not yet triaged labels Dec 16, 2019
@bclozel bclozel changed the title AbstractErrorWebExceptionHandler should not keep exchange response headers in an error response AbstractErrorWebExceptionHandler keeps original Content-Encoding response header Dec 16, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status: superseded An issue that has been superseded by another type: bug A general bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@bclozel @spring-projects-issues @timsazon