Details
-
Bug
-
Resolution: Done
-
Minor
-
3.0.23.Final
-
None
Description
MultivaluedMap interface assumes that putAll(Map<String, List<Object>> map) will replace all map keys with given values. This is a behaviour of e.g. javax.ws.rs.core.MultivaluedHashMap. Extrapolating that for headers means that headers should be replaced, not added the values.
However org.jboss.resteasy.plugins.server.servlet.HttpServletResponseHeaders behaves differently. putAll method implementation delegates the call to add(String key, Object value) which appends values to existing headers in underlying HttpServletResponse.
For example, if servlet container pre-initializes some headers like
Pragma: No-cache
and the same header is set via Response$ResponseBuilder#header(String name, Object value), the resulting response will have header like this:
Pragma: No-cache, No-cache
In most cases this does not affect the browser's behaviour, however there are some critical exceptions like CORS headers:
Access-Control-Allow-Credentials: true, true
This header will be discarded by browser and JavaScript application will misbehave.
Expected: HttpServletResponseHeaders calls HttpServletResponse#setHeader(String name, String value) for 1st value in the list, and HttpServletResponse#addHeader(String name, String value) for any subsequent value in the list.
Attachments
Issue Links
- causes
-
-
- Closed
-
