HeaderContentNegotiationStrategy.resolveMediaTypes throws unexpected IllegalArgumentException #31254

Closed
mhankus opened this issue Sep 18, 2023 · 5 comments
Labels: in: web, type: bug

@mhankus

mhankus commented Sep 18, 2023

Affects: 6.0.11

Parsing of the HTTP Accept header throws IllegalArgumentException, which is unexpected and causes unexpected application behavior.
Example stack trace:

Too many elements
java.lang.IllegalArgumentException: Too many elements
at org.springframework.util.Assert.isTrue(Assert.java:122)
at org.springframework.util.MimeTypeUtils.sortBySpecificity(MimeTypeUtils.java:365)
at org.springframework.web.accept.HeaderContentNegotiationStrategy.resolveMediaTypes(HeaderContentNegotiationStrategy.java:55)
at org.springframework.web.accept.ContentNegotiationManager.resolveMediaTypes(ContentNegotiationManager.java:128)
at org.springframework.web.servlet.mvc.condition.ProducesRequestCondition.getAcceptedMediaTypes(ProducesRequestCondition.java:290)
at org.springframework.web.servlet.mvc.condition.ProducesRequestCondition.getMatchingCondition(ProducesRequestCondition.java:208)
at org.springframework.web.servlet.mvc.method.RequestMappingInfo.getMatchingCondition(RequestMappingInfo.java:401)
at org.springframework.web.servlet.mvc.method.RequestMappingInfoHandlerMapping.getMatchingMapping(RequestMappingInfoHandlerMapping.java:110)
at org.springframework.web.servlet.mvc.method.RequestMappingInfoHandlerMapping.getMatchingMapping(RequestMappingInfoHandlerMapping.java:68)

Class HeaderContentNegotiationStrategy currently catches only InvalidMediaTypeException, but IllegalArgumentException can also be thrown here.

public List<MediaType> resolveMediaTypes(NativeWebRequest request)
		throws HttpMediaTypeNotAcceptableException {

	String[] headerValueArray = request.getHeaderValues(HttpHeaders.ACCEPT);
	if (headerValueArray == null) {
		return MEDIA_TYPE_ALL_LIST;
	}

	List<String> headerValues = Arrays.asList(headerValueArray);
	try {
		List<MediaType> mediaTypes = MediaType.parseMediaTypes(headerValues);
		MimeTypeUtils.sortBySpecificity(mediaTypes);
		return !CollectionUtils.isEmpty(mediaTypes) ? mediaTypes : MEDIA_TYPE_ALL_LIST;
	}
	catch (InvalidMediaTypeException ex) {
		throw new HttpMediaTypeNotAcceptableException(
				"Could not parse 'Accept' header " + headerValues + ": " + ex.getMessage());
	}
}

Please consider changing this catch to IllegalArgumentException (InvalidMediaTypeException is a subclass of IllegalArgumentException). This change would make the behavior more predictable.

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label Sep 18, 2023
@bclozel
Member

bclozel commented Sep 18, 2023

Out of curiosity, can you share the Accept request header that causes this?

@bclozel bclozel added status: waiting-for-feedback We need additional information before we can continue in: web Issues in web modules (web, webmvc, webflux, websocket) labels Sep 18, 2023
@mhankus
Author

mhankus commented Sep 18, 2023

It was some kind of bot, so I have no control over it. I assume it was a mistake, or some kind of attack (maybe fingerprinting).

The header was

accept=text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, 
text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, 
text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8

@spring-projects-issues spring-projects-issues added status: feedback-provided Feedback has been provided and removed status: waiting-for-feedback We need additional information before we can continue labels Sep 18, 2023
@rstoyanchev
Contributor

@mhankus, could you clarify where the IllegalStateException is coming from, either through a stack trace or instructions on how to reproduce?

I've tried this with 6.0.11 and with the latest 6.0.14 snapshot:

MediaType.parseMediaTypes("accept=text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, 
text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, 
text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8")

It results in:

org.springframework.util.InvalidMimeTypeException: Invalid mime type "accept=text/html": Invalid token character '=' in token "accept=text"
	at app//org.springframework.util.MimeTypeUtils.parseMimeTypeInternal(MimeTypeUtils.java:279)
	at app//org.springframework.util.ConcurrentLruCache.get(ConcurrentLruCache.java:103)
	at app//org.springframework.util.MimeTypeUtils.parseMimeType(MimeTypeUtils.java:213)
	at app//org.springframework.http.MediaType.parseMediaType(MediaType.java:739)
	at app//org.springframework.http.MediaType.parseMediaTypes(MediaType.java:768)
	...

@rstoyanchev rstoyanchev added status: waiting-for-feedback We need additional information before we can continue and removed status: feedback-provided Feedback has been provided labels Nov 2, 2023
@spring-projects-issues
Collaborator

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

@spring-projects-issues spring-projects-issues added the status: feedback-reminder We've sent a reminder that we need additional information before we can continue label Nov 9, 2023
@mhankus
Author

mhankus commented Nov 9, 2023

@rstoyanchev I'm sorry for not responding - I must have missed the notification.
As for your question: my example was not perfect, as it contained the header name (accept), then an equals character, and then the header value.
To reproduce the error, just execute the sample code below ("accept=" was removed from the string):

 MimeTypeUtils.sortBySpecificity(MediaType.parseMediaTypes("text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, " +
                "text/html,application/xhtml+xml;q=0.9,*/*;q=0.8, text/html,application/xhtml+xml;q=0.9,*/*;q=0.8"));

You will get an IllegalArgumentException, which is not caught, so the application throws an error, the user gets a 500 error (not 400 as expected), and the logs are filled with stack trace information.

@spring-projects-issues spring-projects-issues added status: feedback-provided Feedback has been provided and removed status: waiting-for-feedback We need additional information before we can continue status: feedback-reminder We've sent a reminder that we need additional information before we can continue labels Nov 9, 2023
@rstoyanchev rstoyanchev self-assigned this Nov 14, 2023
@rstoyanchev rstoyanchev added type: bug A general bug and removed status: waiting-for-triage An issue we've not yet triaged or decided on status: feedback-provided Feedback has been provided labels Nov 14, 2023
@rstoyanchev rstoyanchev added this to the 6.0.14 milestone Nov 14, 2023
izeye added a commit to izeye/spring-framework that referenced this issue Dec 6, 2023
sbrannen pushed a commit to sbrannen/spring-framework that referenced this issue Dec 6, 2023
sbrannen pushed a commit that referenced this issue Dec 6, 2023
sbrannen added a commit that referenced this issue Mar 19, 2024
The fix for #31254 resulted in an InvalidMimeTypeException being thrown
by MimeTypeUtils.sortBySpecificity() instead of an
IllegalArgumentException. However, InvalidMimeTypeException extends
IllegalArgumentException. Consequently, the change from
IllegalArgumentException to InvalidMimeTypeException did not result in
the desired effect in HeaderContentNegotiationStrategy.

HeaderContentNegotiationStrategy.resolveMediaTypes() still allows the
InvalidMimeTypeException to propagate as-is without wrapping it in an
HttpMediaTypeNotAcceptableException.

To address this issue, this commit catches InvalidMediaTypeException
and InvalidMimeTypeException in HeaderContentNegotiationStrategy and
wraps the exception in an HttpMediaTypeNotAcceptableException.

See gh-31254
See gh-31769
Closes gh-32483
sbrannen added a commit that referenced this issue Mar 19, 2024
(cherry picked from commit ef02f0b)
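
For applications that cannot yet move to a release containing the fix, the catch-the-parent-type change proposed in this issue can be applied at the application level. The following is an added example, not code from Spring Framework or from the participants above. The class names `SafeAcceptHeaderStrategy` and `AcceptHeaderConfig` are hypothetical, and it assumes Spring MVC 6.0.x on the Servlet stack.

```java
// File: SafeAcceptHeaderStrategy.java (added example; class names are hypothetical)
import java.util.List;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.web.HttpMediaTypeNotAcceptableException;
import org.springframework.web.accept.ContentNegotiationStrategy;
import org.springframework.web.accept.HeaderContentNegotiationStrategy;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.servlet.config.annotation.ContentNegotiationConfigurer;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

/**
 * Wraps the stock header strategy and converts every parsing failure into
 * HttpMediaTypeNotAcceptableException, so a hostile or broken Accept header
 * produces a client error instead of an unhandled exception.
 */
public class SafeAcceptHeaderStrategy implements ContentNegotiationStrategy {

	private static final Log logger = LogFactory.getLog(SafeAcceptHeaderStrategy.class);

	private final ContentNegotiationStrategy delegate = new HeaderContentNegotiationStrategy();

	@Override
	public List<MediaType> resolveMediaTypes(NativeWebRequest request)
			throws HttpMediaTypeNotAcceptableException {
		try {
			return this.delegate.resolveMediaTypes(request);
		}
		catch (IllegalArgumentException ex) {
			// IllegalArgumentException is the common parent of InvalidMediaTypeException,
			// InvalidMimeTypeException and the plain "Too many elements" assertion failure,
			// so this one catch covers all three cases discussed in the issue.
			String[] values = request.getHeaderValues(HttpHeaders.ACCEPT);
			int length = 0;
			if (values != null) {
				for (String value : values) {
					length += value.length();
				}
			}
			// Log one line with the exception type and header size only: the header value
			// is attacker-controlled and may be very large, so it is not written to the log.
			logger.warn("Rejected Accept header (" + length + " chars): "
					+ ex.getClass().getSimpleName());
			// Fixed message: the offending header is not echoed back to the client.
			throw new HttpMediaTypeNotAcceptableException("Could not parse 'Accept' header");
		}
	}
}

/** Registers the wrapper as the only content negotiation strategy for Spring MVC. */
@Configuration
class AcceptHeaderConfig implements WebMvcConfigurer {

	@Override
	public void configureContentNegotiation(ContentNegotiationConfigurer configurer) {
		// strategies(..) replaces the default strategy list, which by default
		// consists of the header-based strategy that this class wraps.
		configurer.strategies(List.of(new SafeAcceptHeaderStrategy()));
	}
}
```

Spring MVC's default exception handling maps `HttpMediaTypeNotAcceptableException` to 406 Not Acceptable, so the oversized header from this issue no longer surfaces as a 500.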