From f2e4da3dacf208ae0f7791518f011fcd527f8c1d Mon Sep 17 00:00:00 2001
From: Rossen Stoyanchev
Date: Fri, 6 Nov 2015 13:01:34 -0500
Subject: [PATCH] Whitelist extension if present in the request mapping

We know skip the Content-Disposition header for any extension if the chosen request mapping explicitly contains the URl extension.

Issue: SPR-13629
---
 ...stractMessageConverterMethodProcessor.java | 11 +++----
 ...nnotationControllerHandlerMethodTests.java | 31 +++++++++++++++++++
 2 files changed, 36 insertions(+), 6 deletions(-)

diff --git a/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/AbstractMessageConverterMethodProcessor.java b/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/AbstractMessageConverterMethodProcessor.java
index 7ae3b829b28..fb231fbf80b 100644
--- a/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/AbstractMessageConverterMethodProcessor.java
+++ b/spring-webmvc/src/main/java/org/springframework/web/servlet/mvc/method/annotation/AbstractMessageConverterMethodProcessor.java
@@ -267,13 +267,12 @@ public abstract class AbstractMessageConverterMethodProcessor extends AbstractMe
 if (this.safeExtensions.contains(extension)) {
 return true;
 }
+ String pattern = (String) request.getAttribute(HandlerMapping.BEST_MATCHING_PATTERN_ATTRIBUTE);
+ if (pattern != null && pattern.endsWith("." + extension)) {
+ return true;
+ }
 if (extension.equals("html")) {
- String name = HandlerMapping.BEST_MATCHING_PATTERN_ATTRIBUTE;
- String pattern = (String) request.getAttribute(name);
- if (pattern != null && pattern.endsWith(".html")) {
- return true;
- }
- name = HandlerMapping.PRODUCIBLE_MEDIA_TYPES_ATTRIBUTE;
+ String name = HandlerMapping.PRODUCIBLE_MEDIA_TYPES_ATTRIBUTE;
 Set mediaTypes = (Set) request.getAttribute(name);
 if (!CollectionUtils.isEmpty(mediaTypes) && mediaTypes.contains(MediaType.TEXT_HTML)) {
 return true;
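Review bot: The new `pattern.endsWith("." + extension)` branch drops the Content-Disposition header for any extension a mapping ends with, and nothing in the code records why that is considered safe. Before this change only `html` got this treatment (the removed `pattern.endsWith(".html")` lines); now a mapping ending in any suffix, including file types a browser or operating system acts on once saved, opts out through a plain textual suffix match on the best-matching pattern. I would add a comment above the check, `// Mapping explicitly ends with this extension: the application, not the caller, chose the file type`, and state in the method's Javadoc that mapping authors take on responsibility for such extensions. The match also depends on `extension` being normalised the same way the pattern is written (letter case, path parameters); that normalisation is not visible here, because the method starts and ends outside the hunk.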
diff --git a/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/ServletAnnotationControllerHandlerMethodTests.java b/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/ServletAnnotationControllerHandlerMethodTests.java
index 583525216e1..fd5c5bfe303 100644
--- a/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/ServletAnnotationControllerHandlerMethodTests.java
+++ b/spring-webmvc/src/test/java/org/springframework/web/servlet/mvc/method/annotation/ServletAnnotationControllerHandlerMethodTests.java
@@ -1661,6 +1661,31 @@ public class ServletAnnotationControllerHandlerMethodTests extends AbstractServl
 assertArrayEquals(content, response.getContentAsByteArray());
 }
+ @Test
+ public void responseBodyAsTextWithCssExtension() throws Exception {
+ initServlet(new ApplicationContextInitializer() {
+ @Override
+ public void initialize(GenericWebApplicationContext wac) {
+ ContentNegotiationManagerFactoryBean factoryBean = new ContentNegotiationManagerFactoryBean();
+ factoryBean.afterPropertiesSet();
+ RootBeanDefinition adapterDef = new RootBeanDefinition(RequestMappingHandlerAdapter.class);
+ adapterDef.getPropertyValues().add("contentNegotiationManager", factoryBean.getObject());
+ wac.registerBeanDefinition("handlerAdapter", adapterDef);
+ }
+ }, TextRestController.class);
+
+ byte[] content = "body".getBytes(Charset.forName("ISO-8859-1"));
+ MockHttpServletRequest request = new MockHttpServletRequest("GET", "/a4.css");
+ request.setContent(content);
+ MockHttpServletResponse response = new MockHttpServletResponse();
+
+ getServlet().service(request, response);
+
+ assertEquals(200, response.getStatus());
+ assertNull(response.getHeader("Content-Disposition"));
+ assertArrayEquals(content, response.getContentAsByteArray());
+ }
+
 /*
 * Controllers
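Review bot: `responseBodyAsTextWithCssExtension` pins only the case where the header is dropped; this hunk has no companion test showing the header is still sent when the request extension is not part of the matched mapping. Because the changed check decides whether a protective header is omitted, the negative case is the one a regression would break silently. I would add a sibling test that requests an extension the matched pattern does not end with and that is not otherwise whitelisted, asserting `assertNotNull(response.getHeader("Content-Disposition"));`. Such a test may already exist elsewhere in the file, since only this hunk is visible.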
@@ -3092,6 +3117,12 @@ public class ServletAnnotationControllerHandlerMethodTests extends AbstractServl
 public String a3(@RequestBody String body) throws IOException {
 return body;
 }
+
+ @RequestMapping(value = "/a4.css", method = RequestMethod.GET)
+ @ResponseBody
+ public String a4(@RequestBody String body) {
+ return body;
+ }
 }