Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8163921

HttpURLConnection default Accept header is malformed according to HTTP/1.1 RFC

    XMLWordPrintable

    Details

    • Subcomponent:
    • CPU:
      generic
    • OS:
      generic

      Description

      FULL PRODUCT VERSION :


      A DESCRIPTION OF THE PROBLEM :
      RFC 7231 [0] describes the format of the HTTP/1.1 Accept header as follows:

           Accept = #( media-range [ accept-params ] )

           media-range = ( "*/*"
                            / ( type "/" "*" )
                            / ( type "/" subtype )
                            ) *( OWS ";" OWS parameter )
           accept-params = weight *( accept-ext )
           accept-ext = OWS ";" OWS token [ "=" ( token / quoted-string ) ]

      HttpURLConnection sets the following Accept header in requests if it is not set [1]:

      static final String acceptString =
              "text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2";

      The '*; q=.2' portion seems to be invalid according to the RFC spec above.

      Some http endpoints that encounter this header will reject the request and return 406 or 500. For examples see: [2] and [3].

      [0]: https://tools.ietf.org/html/rfc7231#section-5.3.2
      [1]: https://github.com/openjdk-mirror/jdk/blob/jdk8u/jdk8u/master/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java#L256
      [2]: https://issues.apache.org/jira/browse/SLING-3175
      [3]: https://issues.apache.org/jira/browse/OLINGO-998


      REPRODUCIBILITY :
      This bug can be reproduced always.

      CUSTOMER SUBMITTED WORKAROUND :
      It is possible for clients to set the Accept header via the HttpURLConnection.setRequestProperty API.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              michaelm Michael McMahon
              Reporter:
              webbuggrp Webbug Group
              Votes:
              1 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated: