From 4effca35b500fda26f1f7d8322bc622468e5e93a Mon Sep 17 00:00:00 2001 From: rstoyanchev Date: Mon, 31 Jan 2022 13:51:40 +0100 Subject: [PATCH] Ignore Content-Type that is invalid (not concrete) Closes gh-27957 --- .../http/server/ServletServerHttpRequest.java | 6 ++++-- .../http/server/ServletServerHttpRequestTests.java | 9 ++++++++- 2 files changed, 12 insertions(+), 3 deletions(-) diff --git a/spring-web/src/main/java/org/springframework/http/server/ServletServerHttpRequest.java b/spring-web/src/main/java/org/springframework/http/server/ServletServerHttpRequest.java index b136e3fbcf..82f722310c 100644 --- a/spring-web/src/main/java/org/springframework/http/server/ServletServerHttpRequest.java +++ b/spring-web/src/main/java/org/springframework/http/server/ServletServerHttpRequest.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2021 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -158,7 +158,9 @@ public class ServletServerHttpRequest implements ServerHttpRequest { String requestContentType = this.servletRequest.getContentType(); if (StringUtils.hasLength(requestContentType)) { contentType = MediaType.parseMediaType(requestContentType); - this.headers.setContentType(contentType); + if (contentType.isConcrete()) { + this.headers.setContentType(contentType); + } } } if (contentType != null && contentType.getCharset() == null) { diff --git a/spring-web/src/test/java/org/springframework/http/server/ServletServerHttpRequestTests.java b/spring-web/src/test/java/org/springframework/http/server/ServletServerHttpRequestTests.java index de0779a4c3..6b24f91613 100644 --- a/spring-web/src/test/java/org/springframework/http/server/ServletServerHttpRequestTests.java +++ b/spring-web/src/test/java/org/springframework/http/server/ServletServerHttpRequestTests.java @@ -1,5 +1,5 @@ /* - * Copyright 2002-2021 the original author or authors. + * Copyright 2002-2022 the original author or authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -151,6 +151,13 @@ public class ServletServerHttpRequestTests { assertThat(headers.getContentType()).isNull(); } + @Test // gh-27957 + void getHeadersWithWildcardContentType() { + mockRequest.setContentType("*/*"); + mockRequest.removeHeader("Content-Type"); + assertThat(request.getHeaders()).as("Invalid content-type should not raise exception").hasSize(0); + } + @Test void getBody() throws IOException { byte[] content = "Hello World".getBytes(StandardCharsets.UTF_8);