Affects: 6.0.11

Parsing of the HTTP Accept header throws an IllegalArgumentException, which is unexpected and causes unexpected application behavior. Example stack trace:

Too many elements
java.lang.IllegalArgumentException: Too many elements
at org.springframework.util.Assert.isTrue(Assert.java:122)
at org.springframework.util.MimeTypeUtils.sortBySpecificity(MimeTypeUtils.java:365)
at org.springframework.web.accept.HeaderContentNegotiationStrategy.resolveMediaTypes(HeaderContentNegotiationStrategy.java:55)
at org.springframework.web.accept.ContentNegotiationManager.resolveMediaTypes(ContentNegotiationManager.java:128)
at org.springframework.web.servlet.mvc.condition.ProducesRequestCondition.getAcceptedMediaTypes(ProducesRequestCondition.java:290)
at org.springframework.web.servlet.mvc.condition.ProducesRequestCondition.getMatchingCondition(ProducesRequestCondition.java:208)
at org.springframework.web.servlet.mvc.method.RequestMappingInfo.getMatchingCondition(RequestMappingInfo.java:401)
at org.springframework.web.servlet.mvc.method.RequestMappingInfoHandlerMapping.getMatchingMapping(RequestMappingInfoHandlerMapping.java:110)
at org.springframework.web.servlet.mvc.method.RequestMappingInfoHandlerMapping.getMatchingMapping(RequestMappingInfoHandlerMapping.java:68)

Class HeaderContentNegotiationStrategy currently catches only InvalidMediaTypeException, but IllegalArgumentException can also be thrown here.

public List<MediaType> resolveMediaTypes(NativeWebRequest request)
        throws HttpMediaTypeNotAcceptableException {

    String[] headerValueArray = request.getHeaderValues(HttpHeaders.ACCEPT);
    if (headerValueArray == null) {
        return MEDIA_TYPE_ALL_LIST;
    }

    List<String> headerValues = Arrays.asList(headerValueArray);
    try {
        List<MediaType> mediaTypes = MediaType.parseMediaTypes(headerValues);
        MimeTypeUtils.sortBySpecificity(mediaTypes);
        return !CollectionUtils.isEmpty(mediaTypes) ? mediaTypes : MEDIA_TYPE_ALL_LIST;
    }
    catch (InvalidMediaTypeException ex) {
        throw new HttpMediaTypeNotAcceptableException(
                "Could not parse 'Accept' header " + headerValues + ": " + ex.getMessage());
    }
}

Please consider changing this catch to IllegalArgumentException (InvalidMediaTypeException is a subclass of IllegalArgumentException). This change would make the behavior more predictable.

Comment From: bclozel

Out of curiosity, can you share the Accept request header that causes this?

Comment From: mhankus

It was some kind of bot, so I have no control over it. I assume it was a mistake, or some kind of attack (maybe fingerprinting).

The header was

accept=text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, 
text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, 
text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8

Comment From: rstoyanchev

@mhankus, could you clarify where the IllegalStateException is coming from, either through a stacktrace or instructions on how to reproduce?

I've tried this with 6.0.11 and with the latest 6.0.14 snapshot:

MediaType.parseMediaTypes("accept=text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, 
text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, 
text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8")

It results in:

org.springframework.util.InvalidMimeTypeException: Invalid mime type "accept=text/html": Invalid token character '=' in token "accept=text"
    at app//org.springframework.util.MimeTypeUtils.parseMimeTypeInternal(MimeTypeUtils.java:279)
    at app//org.springframework.util.ConcurrentLruCache.get(ConcurrentLruCache.java:103)
    at app//org.springframework.util.MimeTypeUtils.parseMimeType(MimeTypeUtils.java:213)
    at app//org.springframework.http.MediaType.parseMediaType(MediaType.java:739)
    at app//org.springframework.http.MediaType.parseMediaTypes(MediaType.java:768)
    ...

Comment From: spring-projects-issues

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

Comment From: mhankus

@rstoyanchev I'm sorry for not responding - I must have missed the notification. As for your question: my example was not perfect, as it contained the header name (accept), then an equals character, and then the header value. To reproduce the error, just execute the sample code below ("accept=" was removed from the string):

 MimeTypeUtils.sortBySpecificity(MediaType.parseMediaTypes("text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8"));

You will get an IllegalArgumentException, which is not caught, so the application throws an error, the user gets a 500 error (not 400 as expected), and the logs are filled with stack trace information.
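
An application-side workaround for the behavior discussed in this thread, as an added example that is not part of the original issue or of Spring Framework's own code: it wraps the stock HeaderContentNegotiationStrategy and applies the catch change proposed above, so an oversized Accept header is handled as a client error instead of surfacing as a 500. The class names LenientAcceptHeaderConfig and GuardedHeaderStrategy are hypothetical, and the sketch assumes a Spring MVC 6.0.x application configured through WebMvcConfigurer.

```java
import java.util.List;

import org.springframework.context.annotation.Configuration;
import org.springframework.http.MediaType;
import org.springframework.web.HttpMediaTypeNotAcceptableException;
import org.springframework.web.accept.ContentNegotiationStrategy;
import org.springframework.web.accept.HeaderContentNegotiationStrategy;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.servlet.config.annotation.ContentNegotiationConfigurer;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

// Hypothetical class name; an application-level workaround, not the framework fix.
@Configuration
public class LenientAcceptHeaderConfig implements WebMvcConfigurer {

    // Delegates to the stock header strategy and maps every IllegalArgumentException
    // (InvalidMediaTypeException is a subclass) to HttpMediaTypeNotAcceptableException.
    static final class GuardedHeaderStrategy implements ContentNegotiationStrategy {

        private final ContentNegotiationStrategy delegate = new HeaderContentNegotiationStrategy();

        @Override
        public List<MediaType> resolveMediaTypes(NativeWebRequest request)
                throws HttpMediaTypeNotAcceptableException {
            try {
                return this.delegate.resolveMediaTypes(request);
            }
            catch (IllegalArgumentException ex) {
                // The raw header is left out of the message on purpose: it is
                // client-controlled and, as in this report, can be very long.
                throw new HttpMediaTypeNotAcceptableException(
                        "Could not process 'Accept' header: " + ex.getMessage());
            }
        }
    }

    @Override
    public void configureContentNegotiation(ContentNegotiationConfigurer configurer) {
        // Replaces the default strategy list, so any other strategies the
        // application relies on (e.g. a parameter strategy) must be added here too.
        configurer.strategies(List.of(new GuardedHeaderStrategy()));
    }
}
```

Because the exception is now one that Spring MVC's default exception handling recognizes, the request no longer produces an uncaught-error stack trace in the logs for each such header.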