When assessing if a request is a CORS request, both mvc and reactive
`DefaultCorsProcessor` now catch `IllegalArgumentException` and turn
this into a 403 rejection rather than letting the exception propagate
into a 500 response.
Closes gh-33688
This change avoids the trap of creating a copy of `HttpHeaders` using a
case-sensitive `MultiValueMap` by mistake. Since mutability is always
desirable, we make a mutable copy by using `addAll` on an empty
`HttpHeaders`.
We can't simply rely on HttpHeaders' map-based constructor to detect
read-only header in this particular case, because the container's
original headers representation might in some cases be read-only.
Closes gh-33666
An example of this can be found in RFC 2732, but it is obsoleted by
RFC 3986 whose syntax for IPv6address does not allow dots.
Also, Appendix D of RFC 3986:
As [RFC2732] defers to [RFC3513] for definition of an IPv6 literal
address, which, unfortunately, lacks an ABNF description of
IPv6address, we created a new ABNF rule for IPv6address that matches
the text representations defined by Section 2.2 of [RFC3513].
See gh-33639
Previously, a timeout was set both on HttpRequest, and used on
httpClient.sendAsync().get(). This leads to inconsistent behaviour
depending on which timeout gets triggered first.
See gh-33090
Align internal handling and contracts. The core copy could do without
those contracts, but it helps with alignment, and it's internal to
the implementation.
Closes gh-33592
This commit adds a new
AbstractGenericHttpMessageConverter(Charset, MediaType...)
constructor, similar to the one present in
AbstractHttpMessageConverter.
Closes gh-33563
This commit adds support for HttpComponentsClientHttpRequestFactory to
set a read timeout, used on the underlying client as a RequestTimeout.
This brings the HttpComponentsClientHttpRequestFactory into alignment
with JDK, Jetty, OkHttp3, Reactor and SimpleClient
ClientHttpRequestFactory implementations.
See gh-33556
Prior to this commit, the HttpComponents implementation for the
`WebClient` would only consider the max-age attribute of response
cookies when parsing the response. This is not aligned with other client
implementations that consider the max-age attribute first, and then the
expires if the former was not present. The expires date is then
translated into a max-age duration. This behavior is done naturally by
several implementations.
This commit updates the `HttpComponentsClientHttpResponse` to do the
same.
Fixes gh-33157
海子 Yang
Simon Baslé
Sangmin Park
rstoyanchev
Johnny Lim
Dariusz Jędrzejczyk
Juergen Hoeller
Khyojun
Yanming Zhou
cfredri4
Sébastien Deleuze
Sam Brannen
Tran Ngoc Nhan
Carl Magnuson
Brian Clozel