jersey icon indicating copy to clipboard operation
jersey copied to clipboard

Published 20 hours ago verified publisher icon javaee

POST requests without Content-Type header pass throught @Consumes check

Open glassfishrobot opened this issue 9 years ago • 3 comments

This is a reopen of #2908. If a request does not contain a Content-Type, Jersey will invoke a resource method with @Consumes, but section 3.5 of the JAX-RS 2.0 spec explicitly disallows this:

An implementation MUST NOT invoke a method whose effective value of @Consumes does not match the request Content-Type header.

The justification given for closing #2908 was that Jersey needs to remain backwards compatible. I believe Java EE implementations must be compliant by default, but if this is deemed to not be possible, then please consider this to be an enhancement request and add an option to get standards compliant behavior.

Affected Versions

[2.22]

glassfishrobot avatar Oct 21 '15 22:10 glassfishrobot

Reported by bjkail

glassfishrobot avatar Oct 21 '15 22:10 glassfishrobot

This issue was imported from java.net JIRA JERSEY-2992

glassfishrobot avatar Apr 25 '17 05:04 glassfishrobot

This is affecting me writing a compliant oauth2 token service - it needs to post with both url encoding and form encoding styles. It won't ever match the url encoding form.

rvowles avatar Jan 29 '18 23:01 rvowles