Spring Security when i asked request, I got java.lang.UnsupportedOperationException

When my interface accesses WebFilterChainProxy , my request cannot be modified. This error is reported to me.

Comment From: daixiaojiang

java.lang.UnsupportedOperationException: null at org.springframework.http.ReadOnlyHttpHeaders.put(ReadOnlyHttpHeaders.java:126) Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException:

My Spring Security version is 5.8.15, No error is reported when the version is 5.8.11.

Comment From: sjohnr

Thanks for getting in touch, but it feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add a minimal sample that reproduces this issue if you feel this is a genuine bug.

Note also that this may be related to https://github.com/spring-projects/spring-framework/issues/33789.

Comment From: daixiaojiang

Thanks for getting in touch, but it feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add a minimal sample that reproduces this issue if you feel this is a genuine bug.

Note also that this may be related to https://github.com/spring-projects/spring-framework/issues/33789.

Because StrictFirewallHttpHeaders is not subclass of ReadOnlyHttpRequestHeaders. You're causing spring incompatibility. That`s a bug.

spring-web org.springframework.http.HttpHeaders#writableHttpHeaders

    public static HttpHeaders writableHttpHeaders(HttpHeaders headers) { 
               Assert.notNull(headers, "HttpHeaders must not be null"); 
               if (headers == EMPTY) { 
                       return new HttpHeaders(); 
               } 
               return (headers instanceof ReadOnlyHttpHeaders ? new HttpHeaders(headers.headers) : headers); 
        } 

spring-security-web org.springframework.security.web.server.firewall.StrictServerWebExchangeFirewall.StrictFirewallServerWebExchange.StrictFirewallHttpRequest#getHeaders

public HttpHeaders getHeaders() { 
     return new StrictServerWebExchangeFirewall.StrictFirewallServerWebExchange.StrictFirewallHttpRequest.StrictFirewallHttpHeaders(super.getHeaders()); 
}

Comment From: sjohnr

My apologies @daixiaojiang, I did not originally realize this was related to https://github.com/spring-projects/spring-framework/issues/33789 and noticed that only after the fact. Please see that issue and this comment. I do not have any other update I can provide on this issue right now, but if I get any more information I will update you on it.

Comment From: sjohnr

@daixiaojiang you may consider using the workaround provided on gh-15974.