Affects: 2.X


Spring Web produces a malformed Content-Type response header when the negotiated Content-Type matches the last element of the media-range part of the Accept header.

The issue can be reproduced with https://github.com/spring-guides/gs-serving-web-content :

curl -v http://localhost:8080/greeting -H "Accept: text/xml,application/xml,application/xhtml+xml,text/html; q=0.9" > /dev/null

> GET /greeting HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.64.1
> Accept: text/xml,application/xml,application/xhtml+xml,text/html; q=0.9
> 
< HTTP/1.1 200 
< Content-Type: text/html; q=0.9;charset=UTF-8
< Content-Language: de-DE
< Transfer-Encoding: chunked

The Content-Type contains a weight, which is not allowed according to https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html. The same request with "text/html" moved to any other position except the last one produces a correct result:

curl -v http://localhost:8080/greeting -H "Accept: text/xml,application/xml,text/html,application/xhtml+xml; q=0.9" > /dev/null

> GET /greeting HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.64.1
> Accept: text/xml,application/xml,text/html,application/xhtml+xml; q=0.9
> 
< HTTP/1.1 200 
< Content-Type: text/html;charset=UTF-8
< Content-Language: de-DE
< Transfer-Encoding: chunked

Browsers seem to handle the malformed header gracefully, but I am running a Spring Application with Server Side Includes behind an Nginx and the response is not scanned for SSIs because of the malformed Content-Type header.
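
The following is an added example, not part of the original report and not Spring code: a small Python check that shows which Accept element carries the weight and flags a `q` weight leaking into a Content-Type value, using the two header values from the report. The function names are hypothetical, and splitting on `,` and `;` assumes no quoted parameter values.

```python
# Added example; function names are hypothetical, header values are from the report.

def parse_accept(header):
    """Parse an Accept header into (media_type, params, q) tuples.

    In an Accept element, "q" ends the media type parameters; it and
    anything after it belong to the Accept header, not to the media type.
    Assumption: no quoted strings containing "," or ";".
    """
    ranges = []
    for item in header.split(","):
        parts = [p.strip() for p in item.split(";")]
        if not parts[0]:
            continue
        params, q = {}, 1.0
        for p in parts[1:]:
            name, _, value = p.partition("=")
            name = name.strip().lower()
            if name == "q":
                q = float(value.strip())
                break  # stop: the rest are accept extensions
            if name:
                params[name] = value.strip()
        ranges.append((parts[0].lower(), params, q))
    return ranges


def check_content_type(value):
    """Return (is_clean, repaired): flag and strip a q weight in a Content-Type."""
    parts = [p.strip() for p in value.split(";")]
    kept, clean = [parts[0]], True
    for p in parts[1:]:
        if p.partition("=")[0].strip().lower() == "q":
            clean = False  # weight copied over from the Accept element
            continue
        if p:
            kept.append(p)
    return clean, ";".join(kept)


if __name__ == "__main__":
    accept = "text/xml,application/xml,application/xhtml+xml,text/html; q=0.9"
    for media_type, params, q in parse_accept(accept):
        print(media_type, params, q)
    print(check_content_type("text/html; q=0.9;charset=UTF-8"))
    print(check_content_type("text/html;charset=UTF-8"))
```

A check like `check_content_type` can run in an integration test against the application's responses, so that a header an intermediary such as the SSI filter would not recognise is caught before deployment.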