spring-cloud-gateway icon indicating copy to clipboard operation
spring-cloud-gateway copied to clipboard
verified publisher icon spring-cloud

Missing check if the response is committed in some response filters

Open LorenzoLuconi opened this issue 4 months ago • 0 comments

Spring Boot 3.5.5 Spring Cloud 2025.0.0

All filters that modify the response should check whether the response has already been committed. If the response has already been committed, for example due to the application of RateLimiter, an exception (java.lang.UnsupportedOperationException, when filters trying to modify the headers) and a 500 http status code, will be generated.

The issue has already been reported for RemoveResponseHeader (see #3718) and resolved by adding the missing check.

It looks like that the following filters, which alter the response headers, do not perform the above check:

  • SetResponseHeaderGateway
  • RewriteResponseHeader
  • DedupeResponseHeaderGateway

The list may be incomplete , but I have checked that the first two have the reported problem (please see my demo project https://github.com/LorenzoLuconi/spring-cloud-gateway-exception-exmple) and DedupeResponseHeaderGateway, looking at the source code, has the same problem.

LorenzoLuconi avatar Sep 05 '25 12:09 LorenzoLuconi