Changes in #31104 are causing failures in Spring Security. Resetting the entire response (headers and buffer) prevents filters from adding security headers to the response on the way in.
We should reconsider whether we should only reset the response body (resetBuffer()) or find other ways to support this case.
Cc @sjohnr