Whitelabeled error page stopped working in 2.6.0

[lukas-krecan]

After upgrading to Spring Boot 2.6.0 default white-labeled error page stopped working. We are using Spring MVC for REST endpoints and when a user accesses a URL that is not mapped to a controller, he just gets 404 with no HTML, in previous version he got an error page.

We actually have custom ErrorAttributes implementation to override the response, but the change in the behavior is there even without the customization. I did not have much time to debug it, but it seems that the redirect to /error does not happen in the new version. Maybe it's an intentional change, but I could not find it anywhere in the release notes.

[wilkinsona]

You haven't mentioned Spring Security, but this could be due #26356 and your security configuration or a duplicate of #28759. If it's the former, when the URL that the user tries to access is secured and they haven't provided any credentials, the error response will no longer include a body. This is intentional and can be addressed by adjusting your security configuration. If that doesn't sound like it fits your app and you suspect it's the latter, can you please provide a small sample that reproduces the behaviour you've described? You can share it with us by zipping it up and attaching it to this issue or by pushing it to a separate repository on GitHub.

[lukas-krecan]

Thanks. It's indeed caused by spring security #26356. The reason is that we are doing authentication using a subclass of OncePerRequestFilter which does not fill SecurityContext for error dispatch.