Hi,
after upgrading from Spring boot 2.3.1.RELEASE to 2.4.2 it seems the value for the content-type
header isn't fully validated.
- openjdk version "11.0.9.1" 2020-11-04
- Kotlin version 1.4.30

Example:
```kotlin
@RestController
@RequestMapping(
    produces = ["application/vnd.api+json;charset=utf-8"],
    consumes = ["application/vnd.api+json;charset=utf-8"]
)
class Controller(...) {
    @ResponseStatus(HttpStatus.CREATED)
    @PostMapping("/some_path")
    fun doSomething(
        @Valid @RequestBody request: JsonApiRequest<Clazz1>
    ): Clazz2 {
        // ...
    }
}
```

Behavior on Spring 2.3.1-RELEASE:

- Request with header `Content-Type: application/vnd.api+json;charset=utf-8` is allowed :white_check_mark:
- Request with header `Content-Type: application/vnd.api+json;charset=utf-16` rejected with `415` status :white_check_mark:
- Request with header `Content-Type: application/vnd.api+json;charset=test` rejected with `415` status :white_check_mark:

Behavior on Spring 2.4.2:

- Request with header `Content-Type: application/vnd.api+json;charset=utf-8` is allowed :white_check_mark:
- Request with header `Content-Type: application/vnd.api+json;charset=utf-16` isn't rejected with `415` status and results in an exception being thrown :x:

  ```
  org.springframework.http.converter.HttpMessageNotReadableException: JSON parse error: Unrecognized token '笊': was expecting (JSON String, Number, Array, Object or token 'null', 'true' or 'false'); nested exception is com.fasterxml.jackson.core.JsonParseException: Unrecognized token '笊': was expecting (JSON String, Number, Array, Object or token 'null', 'true' or 'false')
   at [Source: (InputStreamReader); line: 1, column: 2]
  ```

- Request with header `Content-Type: application/vnd.api+json;charset=test` rejected with `415` status :white_check_mark:

Additional info:

Request with header `Content-Type: application/vnd.api+json` (without specifying the charset) gets allowed (I'm assuming it's defaulting to `utf-8`) with both versions. I would expect the request to be rejected in this case.

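One way to keep the strict `415` behavior independent of how the framework matches `consumes`, as an added example that is not part of the original report or Spring's own code: a servlet filter that checks the `Content-Type` charset before the body reaches the JSON parser. The class name `StrictJsonApiCharsetFilter`, the `requireExplicitCharset` switch and the assumption that every body-carrying endpoint consumes `application/vnd.api+json` are hypothetical; `javax.servlet` matches Spring Boot 2.x.

```kotlin
import org.springframework.http.InvalidMediaTypeException
import org.springframework.http.MediaType
import org.springframework.stereotype.Component
import org.springframework.web.filter.OncePerRequestFilter
import java.nio.charset.StandardCharsets
import javax.servlet.FilterChain
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse

// Hypothetical filter (added example). Assumes every POST/PUT/PATCH endpoint
// in the application consumes application/vnd.api+json.
@Component
class StrictJsonApiCharsetFilter : OncePerRequestFilter() {

    private val jsonApi = MediaType("application", "vnd.api+json")

    // Set to true to also reject a Content-Type that omits the charset parameter.
    private val requireExplicitCharset = false

    // Only requests that normally carry a body are checked.
    override fun shouldNotFilter(request: HttpServletRequest): Boolean =
        request.method !in setOf("POST", "PUT", "PATCH")

    override fun doFilterInternal(
        request: HttpServletRequest,
        response: HttpServletResponse,
        filterChain: FilterChain
    ) {
        if (isAcceptable(request.contentType)) {
            filterChain.doFilter(request, response)
        } else {
            response.sendError(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE)
        }
    }

    internal fun isAcceptable(header: String?): Boolean {
        if (header == null) return false
        val mediaType = try {
            MediaType.parseMediaType(header)
        } catch (e: InvalidMediaTypeException) {
            return false // malformed value, or a charset name the JVM does not know
        }
        // Compare type and subtype only; the charset parameter is checked explicitly.
        if (!jsonApi.equalsTypeAndSubtype(mediaType)) return false
        val charset = mediaType.charset ?: return !requireExplicitCharset
        return charset == StandardCharsets.UTF_8
    }
}
```

With the default setting, `charset=utf-16` and `charset=test` both get `415`, while a header without a charset is still accepted; flipping `requireExplicitCharset` rejects that case as well.
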
Comment From: ghost
For some reason, this issue was created 2 times. Closing this issue and leaving the other one opened: https://github.com/spring-projects/spring-framework/issues/26610