From 16d125ce768b24ac2cb37892c197c9e6b2582689 Mon Sep 17 00:00:00 2001 From: Rossen Stoyanchev Date: Mon, 14 Sep 2020 15:28:53 +0100 Subject: [PATCH] Extend Content-Disposition "inline" to error responses We don't expect a browser to save error responses to a file but we extend this protection anyway since "inline" is only a suggestion that shouldn't have any side effects. --- ...stractMessageConverterMethodProcessor.java | 2 +- ...questResponseBodyMethodProcessorTests.java | 27 +++++++++++++++++-- 2 files changed, 26 insertions(+), 3 deletions(-) diff --git a/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/AbstractMessageConverterMethodProcessor.java b/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/AbstractMessageConverterMethodProcessor.java index 932ff78a0573..4f1a532b98c7 100644 --- a/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/AbstractMessageConverterMethodProcessor.java +++ b/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/AbstractMessageConverterMethodProcessor.java @@ -411,7 +411,7 @@ private void addContentDispositionHeader(ServletServerHttpRequest request, Servl try { int status = response.getServletResponse().getStatus(); - if (status < 200 || status > 299) { + if (status < 200 || (status > 299 && status < 400)) { return; } } diff --git a/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/RequestResponseBodyMethodProcessorTests.java b/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/RequestResponseBodyMethodProcessorTests.java index 0e5ef25cd703..c952eb16a6e9 100644 --- a/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/RequestResponseBodyMethodProcessorTests.java +++ b/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/RequestResponseBodyMethodProcessorTests.java @@ -400,6 +400,25 @@ public void addContentDispositionHeader() throws Exception { this.servletRequest.removeAttribute(WebUtils.FORWARD_REQUEST_URI_ATTRIBUTE); } + @Test + public void addContentDispositionHeaderToErrorResponse() throws Exception { + ContentNegotiationManagerFactoryBean factory = new ContentNegotiationManagerFactoryBean(); + factory.addMediaType("pdf", new MediaType("application", "pdf")); + factory.afterPropertiesSet(); + + RequestResponseBodyMethodProcessor processor = new RequestResponseBodyMethodProcessor( + Collections.singletonList(new StringHttpMessageConverter()), + factory.getObject()); + + this.servletRequest.setRequestURI("/hello.dataless"); + this.servletResponse.setStatus(400); + + processor.handleReturnValue("body", this.returnTypeString, this.container, this.request); + + String header = servletResponse.getHeader("Content-Disposition"); + assertThat(header).isEqualTo("inline;filename=f.txt"); + } + @Test public void supportsReturnTypeResponseBodyOnType() throws Exception { Method method = ResponseBodyController.class.getMethod("handle"); @@ -724,10 +743,14 @@ private void assertContentDisposition(RequestResponseBodyMethodProcessor process String header = servletResponse.getHeader("Content-Disposition"); if (expectContentDisposition) { - assertThat(header).as("Expected 'Content-Disposition' header. Use case: '" + comment + "'").isEqualTo("inline;filename=f.txt"); + assertThat(header) + .as("Expected 'Content-Disposition' header. Use case: '" + comment + "'") + .isEqualTo("inline;filename=f.txt"); } else { - assertThat(header).as("Did not expect 'Content-Disposition' header. Use case: '" + comment + "'").isNull(); + assertThat(header) + .as("Did not expect 'Content-Disposition' header. Use case: '" + comment + "'") + .isNull(); } this.servletRequest = new MockHttpServletRequest();