Skip to content

Invalid Accept header results in IllegalStateException #29794

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
malware27 opened this issue Jan 10, 2023 · 2 comments
Closed

Invalid Accept header results in IllegalStateException #29794

malware27 opened this issue Jan 10, 2023 · 2 comments
Assignees
@poutsma
Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) status: backported An issue that has been backported to maintenance branches type: bug A general bug
Milestone
6.0.5

Comments

@malware27
Copy link

malware27 commented Jan 10, 2023
edited
Loading

Affects: 5.3.23

Hitting IllegalStateExcption at - Sourcegraph

(Comment says should never happen)

Reproducer - https://github.com/malware27/simple-springboot-app/tree/master/simple-springboot-app

Sample curl after bringing the above application up locally -

curl 'http://localhost:9001/property' \ -H 'Accept: abc' \ -H 'Accept-Language: en-GB,en-US;q=0.9,en;q=0.8' \ -H 'Cache-Control: no-cache' \ -H 'Connection: keep-alive' \ -H 'Pragma: no-cache' \ -H 'Sec-Fetch-Dest: document' \ -H 'Sec-Fetch-Mode: navigate' \ -H 'Sec-Fetch-Site: none' \ -H 'Sec-Fetch-User: ?1' \ -H 'Upgrade-Insecure-Requests: 1' \ -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36' \ -H 'sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108", "Google Chrome";v="108"' \ -H 'sec-ch-ua-mobile: ?0' \ -H 'sec-ch-ua-platform: "macOS"' \ --compressed

The application logs after hitting the above curl -

2023-01-10 17:02:22.967 ERROR 55658 --- [nio-9001-exec-8] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is java.lang.IllegalStateException: Cannot compare without having any requested media types] with root cause

org.springframework.web.HttpMediaTypeNotAcceptableException: Could not parse 'Accept' header [abc]: Invalid mime type "abc": does not contain '/'
at org.springframework.web.accept.HeaderContentNegotiationStrategy.resolveMediaTypes(HeaderContentNegotiationStrategy.java:59) ~[spring-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
at org.springframework.web.accept.ContentNegotiationManager.resolveMediaTypes(ContentNegotiationManager.java:124) ~[spring-web-5.0.8.RELEASE.jar:5.0.8.RELEASE]
at org.springframework.web.servlet.mvc.condition.ProducesRequestCondition.getAcceptedMediaTypes(ProducesRequestCondition.java:262) ~[spring-webmvc-5.0.8.RELEASE.jar:5.0.8.RELEASE]
at

This specifically happens when the following two cases are satisfied -

  • There are two handlermethods (One probably with RequestMapping and another with GetMapping) for the same endpoint.
  • There is a bad accept header in the request

I had a library with spring boot auto configuration enabled which had a handlerMethod handling the same endpoint which my application did and hence discovered this issue.

Happy to contribute if this an actual issue and I did not mess up something.
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged or decided on label Jan 10, 2023
@poutsma poutsma added this to the Triage Queue milestone Jan 16, 2023
@poutsma poutsma added the in: web Issues in web modules (web, webmvc, webflux, websocket) label Jan 16, 2023
@poutsma poutsma self-assigned this Jan 17, 2023
@poutsma poutsma added type: bug A general bug and removed status: waiting-for-triage An issue we've not yet triaged or decided on labels Jan 17, 2023
@poutsma poutsma modified the milestones: Triage Queue, 6.0.5 Jan 17, 2023
@github-actions github-actions bot added status: backported An issue that has been backported to maintenance branches and removed for: backport-to-5.3.x labels Jan 17, 2023
@github-actions github-actions bot mentioned this issue Jan 17, 2023
Closed
@poutsma poutsma changed the title Getting java.lang.IllegalStateException: Cannot compare without having any requested media types Invalid Accept header results in IllegalStateException Jan 17, 2023
@malware27
Copy link
Author

@poutsma would be happy to contribute for this one :D

poutsma added a commit that referenced this issue Jan 18, 2023
@poutsma
Fix IllegalStateException in empty ProducesRequestCondition
60c89dd 
When comparing empty ProducesRequestCondition, compareTo would throw an
IllegalStateException if the Accept header was invalid. This commit
fixes that behavior.

See gh-29794
Closes gh-29836
@poutsma
Copy link
Contributor

poutsma commented Jan 18, 2023

@malware27 Thanks for the offer, but there was no need as the bug was easy to reproduce. It's fixed now, and will be in 6.0.3 and 5.3.26.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@poutsma poutsma

Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) status: backported An issue that has been backported to maintenance branches type: bug A general bug
Projects
None yet
Milestone
6.0.5
Development

No branches or pull requests
3 participants
@poutsma @malware27 @spring-projects-issues