Spring ResponseEntity Allows Body for 1xx, 204, 304 Statuses

Spring MVC allows constructing a ResponseEntity object with a body for HTTP statuses which do not allow one.

https://tools.ietf.org/html/rfc7230#section-3.3

All 1xx (Informational), 204 (No Content), and 304 (Not Modified) responses do not include a message body.

This generates responses with a body, but no Content-Length header which fouls up some application servers, web servers (WebLogic for example).

For example, this should not be allowed: return new ResponseEntity<String>("Deleted!", HttpStatus.NO_CONTENT);

This is acceptable: return new ResponseEntity<String>(HttpStatus.NO_CONTENT);

And so is this: return new ResponseEntity<String>("Deleted!", HttpStatus.OK);

Comment From: rstoyanchev

This is a low level validation that servers are in a better position to check and enforce for a number of reasons. Even if we did add a check like that, the Servlet response could be used directly, bypassing such checks at this level.

Can you clarify what goes wrong when using WebLogic?

Comment From: spring-projects-issues

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

Comment From: kev22257

Hi, apologies for the delay. WebLogic hangs for 30 seconds and then finally completes the request. I have an SR open with Oracle as well.

Comment From: rstoyanchev

Given that other Servlet containers handle this situation better, adding such a validation at this stage of the the 5.3.x release cycle can cause unnecessary disruption. You can use shortcut methods like ResponseEntity.noContent() or add the validation for your project, e.g. by wrapping the response from a filter or using an @ResponseBodyAdvice component.