Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

*/* in Accept header is ignored if not listed as the first item #30806

Closed
jmartisk opened this issue Feb 2, 2023 · 4 comments · Fixed by #30839
Closed

*/* in Accept header is ignored if not listed as the first item #30806

jmartisk opened this issue Feb 2, 2023 · 4 comments · Fixed by #30839
Labels
area/graphql kind/bug Something isn't working
Milestone

Comments

@jmartisk
Copy link
Contributor

jmartisk commented Feb 2, 2023

Describe the bug

see #30759 (reply in thread) for description of the bug

Expected behavior

An */* type is always recognized if present in an Accept header of GraphQL requests, and the request be handled normally with the default response content type (which is application/graphql+json)

Actual behavior

An */* type is recognized only if it's the first item in the Accept header, else the GraphQL endpoint returns a 406 Unacceptable response.

How to Reproduce?

No response

Output of uname -a or ver

No response

Output of java -version

No response

GraalVM version (if different from Java)

No response

Quarkus version or git rev

No response

Build tool (ie. output of mvnw --version or gradlew --version)

No response

Additional information

No response

@jmartisk jmartisk added kind/bug Something isn't working area/graphql labels Feb 2, 2023
@Bazalii
Copy link
Contributor

Bazalii commented Feb 2, 2023

@jmartisk Am I right that the problem is here?
image

The getRequestAccept is called and after that is called the isValidAcceptRequest. If the result of isValidAcceptRequest is not true 406 response code is returned.

image

The first loop checks if application/json or application/graphql+json are present in Accept header and if they are not, the function only checks for the beginning of this header. If the beginning is not */* (as in my discussion) it just returns whole header. After that this header is just checked again with isValidAcceptRequest method, which obviously returns false and 406 is returned.

image

These snippets are from this class

To my mind, logic of isValidAcceptRequest and getRequestAccept is a little bit strange. Isn't it better to include */* to isValidAcceptRequest so that it return true if one of the MIMEHeaders is */*?

And the piece of code that is after for loop could be simplified in this case. Instead of doing this:

String accept = ctx.request().getHeader("Accept");
if (accept != null && !accept.isEmpty() && !accept.startsWith("*/*")) {
    return accept;
}

We can just return accept. So this means that there are no application/json or application/graphql+json or */* types present in these header. So, the 406 response code should be returned.

@Bazalii
Copy link
Contributor

Bazalii commented Feb 2, 2023

If my thoughts are correct, I would like to contribute to solve this problem

@jmartisk
Copy link
Contributor Author

jmartisk commented Feb 3, 2023

You're quite correct, just to clarify: I'd say that when there's an */* present (anywhere) in the header, then the getRequestAccept method should return the DEFAULT_RESPONSE_CONTENT_TYPE constant. It should not return */* directly, because that would then be set as the value of Content-Type in the response, and that's wrong. So just adding */* into isValidAcceptRequest won't help, because you need to map that value into DEFAULT_RESPONSE_CONTENT_TYPE when you find it.

@Bazalii
Copy link
Contributor

Bazalii commented Feb 3, 2023

@jmartisk Could you please have a look at #30839?

@quarkus-bot quarkus-bot bot added this to the 3.0 - main milestone Feb 4, 2023
@gsmet gsmet modified the milestones: 3.0 - main, 2.16.2.Final Feb 7, 2023
benkard added a commit to benkard/mulkcms2 that referenced this issue Apr 2, 2023
This MR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [com.diffplug.spotless:spotless-maven-plugin](https://github.com/diffplug/spotless) | build | minor | `2.32.0` -> `2.33.0` |
| [io.quarkus:quarkus-maven-plugin](https://github.com/quarkusio/quarkus) | build | patch | `2.16.1.Final` -> `2.16.2.Final` |
| [io.quarkus:quarkus-universe-bom](https://github.com/quarkusio/quarkus-platform) | import | patch | `2.16.1.Final` -> `2.16.2.Final` |

---

### Release Notes

<details>
<summary>diffplug/spotless</summary>

### [`v2.33.0`](https://github.com/diffplug/spotless/blob/HEAD/CHANGES.md#&#8203;2330---2023-01-26)

##### Added

-   `ProcessRunner` has added some convenience methods so it can be used for maven testing. ([#&#8203;1496](diffplug/spotless#1496))
-   `ProcessRunner` allows to limit captured output to a certain number of bytes. ([#&#8203;1511](diffplug/spotless#1511))
-   `ProcessRunner` is now capable of handling long-running tasks where waiting for exit is delegated to the caller. ([#&#8203;1511](diffplug/spotless#1511))
-   Allow to specify node executable for node-based formatters using `nodeExecutable` parameter ([#&#8203;1500](diffplug/spotless#1500))

##### Fixed

-   The default list of type annotations used by `formatAnnotations` has had 8 more annotations from the Checker Framework added [#&#8203;1494](diffplug/spotless#1494)

##### Changes

-   **POTENTIALLY BREAKING** Bump minimum JRE from 8 to 11, next release likely to bump bytecode to Java 11 ([#&#8203;1514](diffplug/spotless#1514) part 1 of [#&#8203;1337](diffplug/spotless#1337))
-   Rename `YamlJacksonStep` into `JacksonYamlStep` while normalizing Jackson usage ([#&#8203;1492](diffplug/spotless#1492))
-   Convert `gson` integration to use a compile-only source set ([#&#8203;1510](diffplug/spotless#1510)).
-   \*\* POTENTIALLY BREAKING\*\* Removed support for KtLint 0.3x and 0.45.2 ([#&#8203;1475](diffplug/spotless#1475))
    -   `KtLint` does not maintain a stable API - before this MR, we supported every breaking change in the API since 2019.
    -   From now on, we will support no more than 2 breaking changes at a time.
-   NpmFormatterStepStateBase delays `npm install` call until the formatter is first used. This enables better integration
    with `gradle-node-plugin`. ([#&#8203;1522](diffplug/spotless#1522))
-   Bump default `ktlint` version to latest `0.48.1` -> `0.48.2` ([#&#8203;1529](diffplug/spotless#1529))
-   Bump default `scalafmt` version to latest `3.6.1` -> `3.7.1` ([#&#8203;1529](diffplug/spotless#1529))

</details>

<details>
<summary>quarkusio/quarkus</summary>

### [`v2.16.2.Final`](https://github.com/quarkusio/quarkus/releases/tag/2.16.2.Final)

[Compare Source](quarkusio/quarkus@2.16.1.Final...2.16.2.Final)

##### Complete changelog

-   [#&#8203;30976](quarkusio/quarkus#30976) - Metrics - check if index contains class before attempting to use it
-   [#&#8203;30965](quarkusio/quarkus#30965) - JandexBeanInfoAdapter.getMetricAnnotationsThroughStereotype is not null safe
-   [#&#8203;30959](quarkusio/quarkus#30959) - Return text from /q/metrics when the Accept header contains html
-   [#&#8203;30953](quarkusio/quarkus#30953) - Fix OIDC capability string
-   [#&#8203;30947](quarkusio/quarkus#30947) - Ignore interface/class without default constructs fields in SB config
-   [#&#8203;30940](quarkusio/quarkus#30940) - Use SchemaType.ARRAY instead of "ARRAY" for native support
-   [#&#8203;30919](quarkusio/quarkus#30919) - Compilation to native fails, when quarkus-smallrye-openapi is included
-   [#&#8203;30916](quarkusio/quarkus#30916) - Add AppCDS documentation
-   [#&#8203;30896](quarkusio/quarkus#30896) - Quarkus spring-boot-properties extension unable to handle complex configuration.
-   [#&#8203;30878](quarkusio/quarkus#30878) - Bump postgresql from 42.5.2 to 42.5.3
-   [#&#8203;30866](quarkusio/quarkus#30866) - Only run the quickstart compilation for main
-   [#&#8203;30851](quarkusio/quarkus#30851) - Fixed return type typo in smallrye graphQL guide
-   [#&#8203;30844](quarkusio/quarkus#30844) - Fixed greeting in getting started guide
-   [#&#8203;30839](quarkusio/quarkus#30839) - Fix handling of Accept header in graphQL
-   [#&#8203;30833](quarkusio/quarkus#30833) - Update docs to show BuildProducer use as method parameter instead of field
-   [#&#8203;30828](quarkusio/quarkus#30828) - Make OIDC session cookie same site lax by default
-   [#&#8203;30826](quarkusio/quarkus#30826) - Caffeine - Automatically register metrics cache impls if Micrometer is around
-   [#&#8203;30825](quarkusio/quarkus#30825) - Fix comment about Caffeine optimization
-   [#&#8203;30823](quarkusio/quarkus#30823) - Change accept header to valid plain text in micrometer documentation
-   [#&#8203;30821](quarkusio/quarkus#30821) - Packaging type -Dquarkus.package.create-appcds=true isn't documented
-   [#&#8203;30815](quarkusio/quarkus#30815) - Update SmallRye Config to 2.13.2
-   [#&#8203;30812](quarkusio/quarkus#30812) - Manage the apache-mime4j dependency
-   [#&#8203;30806](quarkusio/quarkus#30806) - */* in Accept header is ignored if not listed as the first item
-   [#&#8203;30805](quarkusio/quarkus#30805) - MailTemplateInstance with attachments
-   [#&#8203;30803](quarkusio/quarkus#30803) - Support file and byte array attachments in `MailTemplateInstance`
-   [#&#8203;30797](quarkusio/quarkus#30797) - OIDC login not work
-   [#&#8203;30783](quarkusio/quarkus#30783) - <artifactId> uses 'quarkus.platform.artifact-id' property
-   [#&#8203;30778](quarkusio/quarkus#30778) - Avoid creating 3 Liquibase MongoDB instances for startup operations
-   [#&#8203;30776](quarkusio/quarkus#30776) - Ensure that AwsProxyRequestContext can be used with [@&#8203;Context](https://github.com/Context) in RESTEasy Reactive
-   [#&#8203;30767](quarkusio/quarkus#30767) - Remove duplicate notification of SseBroadcaster's onErrorListeners
-   [#&#8203;30765](quarkusio/quarkus#30765) - Bump postgresql from 42.5.1 to 42.5.2
-   [#&#8203;30755](quarkusio/quarkus#30755) - Update ForwardedParser to validate the port
-   [#&#8203;30744](quarkusio/quarkus#30744) - \[Quarkus Native] ClassNotFoundException: com.github.benmanes.caffeine.cache.SSSW
-   [#&#8203;30536](quarkusio/quarkus#30536) - munitnyucontextmanager non helpful error reporting
-   [#&#8203;29753](quarkusio/quarkus#29753) - Introduce ConnectionFactoryWrapperBuildItem
-   [#&#8203;29605](quarkusio/quarkus#29605) - Update docs to reflect that injection should not
-   [#&#8203;27774](quarkusio/quarkus#27774) - PLANNER-1709 Avoid deprecated penalize/reward overloads
-   [#&#8203;23442](quarkusio/quarkus#23442) - problem using quarkus-resteasy-reactive-kotlin-serialization with AwsProxyRequestContext

</details>

<details>
<summary>quarkusio/quarkus-platform</summary>

### [`v2.16.2.Final`](quarkusio/quarkus-platform@2.16.1.Final...2.16.2.Final)

[Compare Source](quarkusio/quarkus-platform@2.16.1.Final...2.16.2.Final)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever MR is behind base branch, or you tick the rebase/retry checkbox.

👻 **Immortal**: This MR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this MR, check this box

---

This MR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC4yNC4wIiwidXBkYXRlZEluVmVyIjoiMzQuMjQuMCJ9-->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/graphql kind/bug Something isn't working
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants