Posted to commits@tomee.apache.org by "Richard Zowalla (Jira)" <ji...@apache.org> on 2021/02/12 16:30:00 UTC

[jira] [Commented] (TOMEE-2940) No header checks

    [ https://issues.apache.org/jira/browse/TOMEE-2940?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17283809#comment-17283809 ] 

Richard Zowalla commented on TOMEE-2940:
----------------------------------------

The `Content-Type` is AFAIK checked in *cxf* (JAXRSUtils).

"-" is an invalid `Content-Type` according to RFC 7231 (missing the "/"), so I guess that some kind of exception should be thrown.

> No header checks
> ----------------
>
>                 Key: TOMEE-2940
>                 URL: https://issues.apache.org/jira/browse/TOMEE-2940
>             Project: TomEE
>          Issue Type: Bug
>          Components: TomEE Core Server
>    Affects Versions: 8.0.5
>            Reporter: François Courtault
>            Priority: Critical
>
> Hello,
> Let's say that I have a method in a REST resource file, with the following annotations:
> @POST
> @Consumes({"application/json"})
> @Produces({"application/json"})
> Response myMethod(final MyRequest myRequest) { ....}
> If I use curl to target this method with the following header, I got the following responses:
>  * -H 'Content-Type: application/-' : HTTP 415 error
>  * -H 'Content-Type: -' : no HTTP error, expected to get the same error as above
>  * -H 'Content-Type: -' and 'Content-Length: 0' with a payload length > 0: no error except if we call myRequest.doSomthing() => NPE
> Don't think it's a good behavior, right?
> Best Regards.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
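
The syntax rule referred to in the comment above, as an added example (not code from TomEE, CXF or this thread): the RFC 7231 media-type grammar written as a regular expression and applied to the kinds of header value in the report. The class name, `classify` and the `Verdict` values are hypothetical, `obs-text` in quoted strings is left out, and the status code returned for a malformed value is left to the caller.

```java
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ContentTypeCheck {
    // Hypothetical result type: well-formed and consumable, well-formed but
    // not consumable (the HTTP 415 case), or not a media type at all.
    enum Verdict { ACCEPT, UNSUPPORTED, MALFORMED }

    // RFC 7230 token: one or more tchar ("-" alone is a valid token).
    private static final String TOKEN = "[!#$%&'*+.^_`|~0-9A-Za-z-]+";
    // RFC 7230 quoted-string, ASCII only (simplification: no obs-text).
    private static final String QUOTED =
        "\"(?:[\\t \\x21\\x23-\\x5B\\x5D-\\x7E]|\\\\[\\t \\x21-\\x7E])*\"";
    // RFC 7231 section 3.1.1.1:
    //   media-type = type "/" subtype *( OWS ";" OWS parameter )
    private static final Pattern MEDIA_TYPE = Pattern.compile(
        "(" + TOKEN + ")/(" + TOKEN + ")"
        + "(?:[ \\t]*;[ \\t]*" + TOKEN + "=(?:" + TOKEN + "|" + QUOTED + "))*");

    static Verdict classify(String contentType, Set<String> consumes) {
        // Assumption: a body-carrying request without the header is rejected too.
        if (contentType == null) return Verdict.MALFORMED;
        Matcher m = MEDIA_TYPE.matcher(contentType.trim());
        if (!m.matches()) return Verdict.MALFORMED;   // e.g. "-": no "/"
        // Type and subtype are case-insensitive; parameters are ignored here.
        String essence = (m.group(1) + "/" + m.group(2)).toLowerCase(Locale.ROOT);
        return consumes.contains(essence) ? Verdict.ACCEPT : Verdict.UNSUPPORTED;
    }

    public static void main(String[] args) {
        Set<String> consumes = Set.of("application/json");
        // Constructed sample values; the last two are the ones from the report.
        for (String v : List.of("application/json; charset=utf-8",
                                "application/-", "-")) {
            System.out.println("'" + v + "' -> " + classify(v, consumes));
        }
    }
}
```

`application/-` matches the grammar, so it is only unsupported, while `-` fails the grammar outright because the "/" is missing.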