You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@tomee.apache.org by "Richard Zowalla (Jira)" <ji...@apache.org> on 2021/02/12 16:30:00 UTC
[jira] [Commented] (TOMEE-2940) No header checks
[ https://issues.apache.org/jira/browse/TOMEE-2940?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17283809#comment-17283809 ]
Richard Zowalla commented on TOMEE-2940:
----------------------------------------
The `Content-Type` is AFAIK checked in *cxf* (JAXRSUtils).
"-" is an invalid `Content-Type` according to RFC 7231 (missing the "/"), so I guess, that some kind of exception should be thrown
> No header checks
> ----------------
>
> Key: TOMEE-2940
> URL: https://issues.apache.org/jira/browse/TOMEE-2940
> Project: TomEE
> Issue Type: Bug
> Components: TomEE Core Server
> Affects Versions: 8.0.5
> Reporter: François Courtault
> Priority: Critical
>
> Hello,
> Let's say that I have a method in a REST resouce file, with the following annotations:
> {color:#808000}@POST{color}
> {color:#808000}@Consumes{color}(\{"application/json"})
> @Produces(\{"application/json"})
> Response myMethod(final MyRequest myRequest) \{ ....}
> If use curl to target this method with the following header,I got the following responses:
> * *-H 'Content-Type: application/\-' : HTTP 415 error*
> * *-H 'Content-Type: -' : no HTTP error, expected to get the same error than above*
> * *-H 'Content-Type: -'* *and* *'Content-Length: 0' with a payload length > 0: no error except if we call myRequest.doSomthing() => NPE*****
> Don't think it's a good behavior, right ?
> Best Regards.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)