Skip to content

Reconsider response reset in DispatcherServlet in case of errors #31154

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
bclozel opened this issue Sep 1, 2023 · 0 comments
Closed

Reconsider response reset in DispatcherServlet in case of errors #31154

bclozel opened this issue Sep 1, 2023 · 0 comments
Assignees
@bclozel @rstoyanchev
Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) type: task A general task
Milestone
6.1.0-M5

Comments

@bclozel
Copy link
Member

bclozel commented Sep 1, 2023

Changes in #31104 are causing failures in Spring Security. Resetting the entire response (headers and buffer) prevents filters from adding security headers to the response on the way in.

We should reconsider whether we should only reset the response body (resetBuffer()) or find other ways to support this case.

Cc @sjohnr
@bclozel bclozel added in: web Issues in web modules (web, webmvc, webflux, websocket) type: task A general task labels Sep 1, 2023
@bclozel bclozel added this to the 6.1.0-RC1 milestone Sep 1, 2023
sjohnr pushed a commit to spring-projects/spring-security that referenced this issue Sep 1, 2023
Fix test failures related to response headers
ea1ec64 
These tests began failing on snapshots after changes in
Spring Framework's `DispatcherServlet` to reset the response
on an error.

For now, we can have these tests operate with a 200 OK response.
An issue was opened in the spring-framework issuer tracker to
discuss this and address `CorsFilter` (and any other filter) that
writes headers that would be cleared on an error.

See spring-projects/spring-framework#31154
@bclozel bclozel closed this as completed in 0f94587 Sep 8, 2023
@rstoyanchev rstoyanchev mentioned this issue Oct 2, 2023
Closed
This was referenced Oct 20, 2023
Closed
Closed
@bclozel bclozel mentioned this issue Feb 18, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bclozel bclozel

@rstoyanchev rstoyanchev

Labels
in: web Issues in web modules (web, webmvc, webflux, websocket) type: task A general task
Projects
None yet
Milestone
6.1.0-M5
Development

No branches or pull requests
2 participants
@bclozel @rstoyanchev