spring-cloud-gateway icon indicating copy to clipboard operation
spring-cloud-gateway copied to clipboard
verified publisher icon spring-cloud

OPTIONS requests failing with Spring Cloud Gateway MVC/HttpClient.

Open gatewaynovice opened this issue 5 months ago • 0 comments

Describe the bug Using 4.3.0 version of Spring Cloud Gateway MVC, OPTIONS requests without any request body are failing with the latest version of apache httcomponents HttpClient (5.5.5).

Scenario:

  • Client's OPTIONs is sent without a RequestBody or a content-type header.
  • Spring Cloud Gateway MVC code tries to copy the inbound request body to the outbound request and in the process converts a non-existent/null body to an empty body.
  • HttpClient reads the request and validates it, the latest version of the HttpClient library expect a content-type header to be passed in if there is a request body. In this case it see an empty body (set by Gateway MVC code) and expects content-type header to be passed in....and fails the request.

Exception stack trace:

org.apache.hc.core5.http.ProtocolException: OPTIONS request must have Content-Type header at org.apache.hc.core5.http.protocol.RequestContent.validateOptionsContentType(RequestContent.java:164) ~[httpcore5-5.3.4.jar!/:5.3.4] ... suppressed lines at com.erac.edgesvc.gateway.functions.route.CustomProxyExchangeHandlerFunction.handle(CustomProxyExchangeHandlerFunction.java:122)

Possible bug at https://github.com/spring-cloud/spring-cloud-gateway/blob/f33e0270bc25c1973848f1eaae10cfd368831cd2/spring-cloud-gateway-server-webmvc/src/main/java/org/springframework/cloud/gateway/server/mvc/handler/ClientHttpRequestFactoryProxyExchange.java#L48

On the ClientHttpRequest object after copy the value of bodystream attribute is

Image

This causes HttpClient to read a non-null body causing the failure.

Reproduction is simple:

curl -v -i -X OPTIONS http://localhost:8080/test will do it, if you are using the latest apache httcomponents HttpClient version. I also checked HttpClient's validation logic is correct according to HttpSpec:

If the OPTIONS request includes an entity-body (as indicated by the presence of Content-Length or Transfer-Encoding), then the media type MUST be indicated by a Content-Type field.

https://datatracker.ietf.org/doc/html/rfc2616#section-9.2

Thanks, GatewayNovice

gatewaynovice avatar Aug 05 '25 19:08 gatewaynovice