New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Non-compliant Content-Type header for multipart media types #25885
Comments
This commit drops the 'charset' parameter from the media type set by MultipartWriterSupport, since RFC7578 states that the only allowed parameter is 'boundary'. Closes spring-projectsgh-25885
From previous investigations on charsets and multipart requests, there is a lot of history, multiple specs and and behaviors. In that context one possible concern is whether existing applications rely on this behavior (right or wrong). For example whether a request prepared with the |
This commit only writes the 'charset' parameter in the written headers if it is non-default (not UTF-8), since RFC7578 states that the only allowed parameter is 'boundary'. Closes spring-projectsgh-25885
Solved by only adding the charset parameter if it is non-standard (i.e. not UTF-8 or ASCII). |
Affects: 5.x
The
org.springframework.http.codec.multipart
package contains various methods for building aContent-Type
header formultipart
media types. The default method produces a header with the following format:"multipart/{sub-type};boundary={boundary};charset={charset|UTF-8}"
However, RFC7578 specifies only a required parameter of
boundary
and optional parameters asnone
. Hence, the addition of a charset parameter is not strictly in accordance with RCF7578. Robust server implementations should ignore this parameter, but some do not (in my case, civetweb), causing request failures. Here are the relevant framework versions and code locations causing the problems:spring-framework/spring-web/src/main/java/org/springframework/http/codec/multipart/MultipartWriterSupport.java
Line 105 in 24bd014
spring-framework/spring-web/src/main/java/org/springframework/http/codec/multipart/MultipartHttpMessageWriter.java
Line 234 in ec9de94
I'd like to hear concerns - is removing charset for multipart requests appropriate?
The text was updated successfully, but these errors were encountered: