Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clean Content-Encoding response header in WebFlux error handler #19372

Closed
wants to merge 1 commit into from
Closed

Clean Content-Encoding response header in WebFlux error handler #19372

wants to merge 1 commit into from

Conversation

timsazon
Copy link

Fix #19371

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Dec 13, 2019
@bclozel bclozel mentioned this pull request Dec 16, 2019
Closed
@bclozel bclozel changed the title Fix remaining exchange response headers in an error response Clean Content-Encoding response header in WebFlux error handler Dec 16, 2019
@bclozel bclozel added type: bug A general bug and removed status: waiting-for-triage An issue we've not yet triaged labels Dec 16, 2019
@bclozel
Copy link
Member

bclozel commented Dec 16, 2019

@timsazon Could you amend this PR and:

  • reinstate the previous code
  • only remove the Content-Encoding header
  • add a test to check that this is working as expected

I can assist you with the changes. If you don't have time for this, let me know and I'll handle it myself.
Thanks!

@bclozel bclozel added this to the 2.1.x milestone Dec 16, 2019
@timsazon
Copy link
Author

@bclozel Thanks for the answer!
I think it would be better to clear all content-related headers in that case. What do you think?

timsazon added a commit to timsazon/spring-boot that referenced this pull request Dec 16, 2019
@timsazon
Clear content-related response headers
e67a831 
See spring-projectsgh-19372
@timsazon timsazon changed the base branch from master to 2.1.x December 16, 2019 21:23
@bclozel
Copy link
Member

bclozel commented Dec 17, 2019

I think we can take it from here.
I don't think we should clear Content-Disposition as this header is used to protected against RFD exploits. Others seem sensible, maybe a bit overkill. We'll figure this out while processing your PR. Thanks!

@bclozel bclozel self-assigned this Dec 19, 2019
@bclozel bclozel removed the type: bug A general bug label Dec 20, 2019
@bclozel bclozel removed this from the 2.1.x milestone Dec 20, 2019
@bclozel bclozel added the status: superseded An issue that has been superseded by another label Dec 20, 2019
@bclozel
Copy link
Member

bclozel commented Dec 20, 2019

After considering our options, we'll fix this in Spring Framework directly.
I've created spring-projects/spring-framework#24238.

Thanks for your contribution!

@bclozel bclozel closed this Dec 20, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@bclozel bclozel

Labels
status: superseded An issue that has been superseded by another
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@timsazon @bclozel @spring-projects-issues