Behavior on Spring 2.3.1-RELEASE:
- Request with header `Content-Type : application/vnd.api+json;charset=utf-8` is allowed ✅
- Request with header `Content-Type : application/vnd.api+json;charset=utf-16` rejected with 415 status ✅
- Request with header `Content-Type : application/vnd.api+json;charset=test` rejected with 415 status ✅

Behavior on Spring 2.4.2:
- Request with header `Content-Type : application/vnd.api+json;charset=utf-8` is allowed ✅
- Request with header `Content-Type : application/vnd.api+json;charset=utf-16` isn't rejected with 415 status and results in an exception being thrown ❌

```
org.springframework.http.converter.HttpMessageNotReadableException: JSON parse error: Unrecognized token '笊': was expecting (JSON String, Number, Array, Object or token 'null', 'true' or 'false'); nested exception is com.fasterxml.jackson.core.JsonParseException: Unrecognized token '笊': was expecting (JSON String, Number, Array, Object or token 'null', 'true' or 'false')
 at [Source: (InputStreamReader); line: 1, column: 2]
```

- Request with header `Content-Type : application/vnd.api+json;charset=test` rejected with 415 status ✅

Additional info:
Request with header `Content-Type : application/vnd.api+json` (without specifying the charset) gets allowed (I'm assuming it's defaulting to utf-8) with both versions. I would expect the request to be rejected in this case.

snicoll transferred this issue from spring-projects/spring-boot on Feb 25, 2021

Hi,
after upgrading from Spring Boot 2.3.1.RELEASE to 2.4.2 it seems the value for the `content-type` header isn't fully validated.

openjdk version "11.0.9.1" 2020-11-04
Kotlin version 1.4.30
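
One way to enforce the charset policy described in the report before the message converters run, as an added example that is not code from the issue or from Spring itself. It assumes a servlet-based Spring Boot 2.4 application (`javax.servlet`); the class name `StrictJsonApiContentTypeFilter` and the `requireExplicitCharset` switch are hypothetical.

```java
import java.io.IOException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.http.InvalidMediaTypeException;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical filter: the name and the policy are assumptions of this example.
@Component
public class StrictJsonApiContentTypeFilter extends OncePerRequestFilter {

    private static final MediaType JSON_API =
            MediaType.parseMediaType("application/vnd.api+json");

    // Policy switch (assumption): true also rejects a Content-Type without a charset.
    private final boolean requireExplicitCharset = false;

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
            FilterChain chain) throws ServletException, IOException {
        String header = request.getContentType();
        if (header != null && !isAcceptable(header)) {
            // Answer 415 here so the body is never decoded with an unexpected charset.
            response.sendError(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
            return;
        }
        chain.doFilter(request, response);
    }

    boolean isAcceptable(String header) {
        MediaType type;
        try {
            type = MediaType.parseMediaType(header);
        } catch (InvalidMediaTypeException ex) {
            return false; // malformed value or unknown charset name such as "test"
        }
        if (!JSON_API.equalsTypeAndSubtype(type)) {
            return true; // other media types are left to the normal handler mapping
        }
        Charset charset = type.getCharset();
        if (charset == null) {
            return !requireExplicitCharset; // header carried no charset parameter
        }
        return StandardCharsets.UTF_8.equals(charset); // utf-16 and others get 415
    }
}
```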