Closed
Description
Thank you for this wonderful library!
Describe the bug
When a curl request with an invalid content-type header is made, Spring Boot servers with GraphQL Java throw an InvalidMimeTypeException rather than just returning a 404 or similar. The resulting exception takes up a lot of space in log files. It would be nice if this were tunable or did not throw an exception, particularly since the behavior in a Spring Boot REST server without GraphQL enabled is to return a 404 without throwing an exception.
This bug is similar to spring-projects/spring-boot#37118 and spring-projects/spring-framework#30979.
To Reproduce
- Create new app at https://start.spring.io/ with Spring Web and Spring for Graphql dependencies - config
- Observe the behavior when sending a curl request with an invalid content-type header. This is the desired behavior.
  - request:
    curl -X POST http://localhost:8080/test/mimetype -H "Content-Type: <script>alert('XSS')</script>"
  - response:
    {"timestamp":"xxx,"status":404,"error":"Not Found","path":"/test/mimetype"}%
- Follow the Graphql Java tutorial to add graphql.
- Observe the behavior when sending a curl request with an invalid content-type header.
  - request:
    curl -X POST http://localhost:8080/test/mimetype -H "Content-Type: <script>alert('XSS')</script>"
  - response:
    <!doctype html><html lang="en"><head><title>HTTP Status 500 – Internal Server Error</title><style type="text/css">body {font-family:Tahoma,Arial,sans-serif;} h1, h2, h3, b {color:white;background-color:#525D76;} h1 {font-size:22px;} h2 {font-size:16px;} h3 {font-size:14px;} p {font-size:12px;} a {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head><body><h1>HTTP Status 500 – Internal Server Error</h1></body></html>%
  - on the server:
    Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed: org.springframework.http.InvalidMediaTypeException: Invalid mime type "<script>alert('XSS')</script>": Invalid token character '<' in token "<script>alert('XSS')<"] with root cause ...
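
One way to keep a malformed Content-Type from reaching the dispatcher servlet is a servlet filter that parses the header first and answers with a client error. This is an added example, not code from the issue author or the Spring project; the class name `ContentTypeValidationFilter` and the choice of status 415 are assumptions, and it assumes Spring Boot 3.x (jakarta.servlet) on the servlet stack.

```java
import java.io.IOException;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.http.HttpHeaders;
import org.springframework.http.InvalidMediaTypeException;
import org.springframework.http.MediaType;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

// Hypothetical class (not part of Spring): validates Content-Type before
// any handler mapping or GraphQL routing sees the request.
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class ContentTypeValidationFilter extends OncePerRequestFilter {

    @Override
    protected void doFilterInternal(HttpServletRequest request,
                                    HttpServletResponse response,
                                    FilterChain chain)
            throws ServletException, IOException {
        String contentType = request.getHeader(HttpHeaders.CONTENT_TYPE);
        if (contentType != null && !contentType.isBlank()) {
            try {
                // parseMediaType throws InvalidMediaTypeException on bad tokens,
                // the exception type seen in the server log above.
                MediaType.parseMediaType(contentType);
            } catch (InvalidMediaTypeException ex) {
                // Answer with 415 and an empty body. The raw header value is
                // neither logged nor echoed, so attacker-supplied markup stays
                // out of log files and responses. setStatus (not sendError)
                // avoids an error dispatch back through the servlet.
                response.setStatus(HttpServletResponse.SC_UNSUPPORTED_MEDIA_TYPE);
                return;
            }
        }
        chain.doFilter(request, response);
    }
}
```

The filter applies to every request, so a request to a non-existent path with an unparseable Content-Type also receives 415 rather than 404.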