Header content-type not enforcing charset #26609

Closed
ghost opened this issue Feb 25, 2021 · 1 comment
Labels
status: duplicate A duplicate of another issue


ghost commented Feb 25, 2021

Hi,

after upgrading from Spring Boot 2.3.1.RELEASE to 2.4.2 it seems the value for the content-type header isn't fully validated.

  • openjdk version "11.0.9.1" 2020-11-04

  • Kotlin version 1.4.30

Example:

```kotlin
@RestController
@RequestMapping(
    produces = ["application/vnd.api+json;charset=utf-8"],
    consumes = ["application/vnd.api+json;charset=utf-8"]
)
class Controller(...) {
    @ResponseStatus(HttpStatus.CREATED)
    @PostMapping("/some_path")
    fun doSomething(
        @Valid @RequestBody request: JsonApiRequest<Clazz1>
    ): Clazz2 {
        // ... (body omitted in the report)
    }
}
```

Behavior on Spring 2.3.1-RELEASE:
Request with header Content-Type : application/vnd.api+json;charset=utf-8 is allowed ✅
Request with header Content-Type : application/vnd.api+json;charset=utf-16 rejected with 415 status ✅
Request with header Content-Type : application/vnd.api+json;charset=test rejected with 415 status ✅

Behavior on Spring 2.4.2:
Request with header Content-Type : application/vnd.api+json;charset=utf-8 is allowed ✅
Request with header Content-Type : application/vnd.api+json;charset=utf-16 isn't rejected with 415 status and results in an exception being thrown ❌

org.springframework.http.converter.HttpMessageNotReadableException: JSON parse error: Unrecognized token '笊': was expecting (JSON String, Number, Array, Object or token 'null', 'true' or 'false'); nested exception is com.fasterxml.jackson.core.JsonParseException: Unrecognized token '笊': was expecting (JSON String, Number, Array, Object or token 'null', 'true' or 'false')
 at [Source: (InputStreamReader); line: 1, column: 2]

Request with header Content-Type : application/vnd.api+json;charset=test rejected with 415 status ✅

Additional info:
Request with header Content-Type : application/vnd.api+json (without specifying the charset) gets allowed (I'm assuming it's defaulting to utf-8) with both versions. I would expect the request to be rejected in this case.

@snicoll snicoll transferred this issue from spring-projects/spring-boot Feb 25, 2021
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label Feb 25, 2021
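
An added example, not part of the issue thread and not Spring's own code: one way to get the strict behaviour the reporter expected (a missing, unknown or non-UTF-8 charset answered with 415) is a servlet filter that checks the header before any message converter reads the body. The class name `StrictJsonApiCharsetFilter`, its application to every POST/PUT/PATCH route, and the `javax.servlet` imports (as used by Spring Boot 2.4.x) are assumptions.

```kotlin
import java.nio.charset.StandardCharsets
import javax.servlet.FilterChain
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse
import org.springframework.http.MediaType
import org.springframework.stereotype.Component
import org.springframework.web.filter.OncePerRequestFilter

// Hypothetical filter (an assumption, not the framework's fix): let a request
// body through only when Content-Type is application/vnd.api+json with an
// explicit charset=utf-8 parameter.
@Component
class StrictJsonApiCharsetFilter : OncePerRequestFilter() {

    private val expected = MediaType("application", "vnd.api+json")

    // Only methods that normally carry a body are checked.
    override fun shouldNotFilter(request: HttpServletRequest): Boolean =
        request.method !in setOf("POST", "PUT", "PATCH")

    override fun doFilterInternal(
        request: HttpServletRequest,
        response: HttpServletResponse,
        chain: FilterChain
    ) {
        if (isAcceptable(request.contentType)) {
            chain.doFilter(request, response)
        } else {
            // Same status the reporter saw on 2.3.1 for utf-16 and "test".
            response.sendError(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE)
        }
    }

    fun isAcceptable(header: String?): Boolean {
        if (header.isNullOrBlank()) return false
        val type = try {
            // Malformed values and unknown charsets (e.g. charset=test) fail to
            // parse with an IllegalArgumentException subclass.
            MediaType.parseMediaType(header)
        } catch (e: IllegalArgumentException) {
            return false
        }
        // charset is null when the parameter is absent, so a bare
        // application/vnd.api+json is rejected rather than defaulted.
        return type.equalsTypeAndSubtype(expected) &&
            type.charset == StandardCharsets.UTF_8
    }
}
```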

ghost commented Feb 26, 2021

For some reason, this issue was created 2 times. Closing this issue and leaving the other one open:
#26610

@ghost ghost closed this as completed Feb 26, 2021
@rstoyanchev rstoyanchev added status: duplicate A duplicate of another issue and removed status: waiting-for-triage An issue we've not yet triaged or decided on labels Feb 26, 2021
This issue was closed.