A 'Content-Type' header issue since Spring Boot 1.4.0.RELEASE

[bogdansolga]

Hello!

I have recently upgraded to Spring Boot 1.4.0.RELEASE from 1.3.7.RELEASE, and I want to file a bug report on a 'Content-Type' issue.

Context - when logging out from our app (Angular JS 1.5.8, Spring Security 4.1.1.RELEASE), the user is redirected to the '/' URI, where the index.html is served.

Problem - the 'Content-Type' for the served index.html is set to 'application/json;charset=UTF-8' in Spring Boot 1.4, which leads to an Angular JS attempt to parse the response as a JSON, and consequently a JSON parsing error.

In an attempt to isolate the issue, I have tested with several versions of Spring, Spring Boot and Tomcat. I have found that the issue is caused by the Spring Boot version, not the Tomcat version, as the issue is similar on the Tomcat version used in Spring Boot 1.4.0.RELEASE (v8.5.4) and the one used by me in 1.3.7.RELEASE (v8.0.36).

Observed differences in the response headers for the index.html file:

• Spring Boot 1.3.7.RELEASE, Spring 4.2.7.RELEASE, Tomcat 8.0.36:

    Content-Encoding    gzip
    Content-Type        text/html;charset=utf-8

• Spring Boot 1.4.0.RELEASE, Spring 4.3.2.RELEASE, Tomcat 8.5.4 or Tomcat 8.0.36:

    Content-Length      13685
    Content-Type        application/json;charset=UTF-8

Notes:

• the 'Content-Length' header is only returned by the latest Spring Boot / Spring Framework;
• Spring Boot 1.3.7.RELEASE returned a 'Content-Encoding: gzip' header, probably due to the 'server.compression.mime-types' setting.

Please tell me if I need to provide any further details.

Thank you and congratulations for your entire work!

[bclozel]

Could you provide more details on how to reproduce this issue?
How are you serving that index.html file (is it a static file, or a template, using which engine...)?
Can you show your application.properties configuration?
Do you have any specific MVC configuration, like WebMvcConfigurerAdapter beans?

[bogdansolga]

@bclozel - of course, I will provide all the details requested by you.

On how to reproduce it - the only way I can reproduce it is by logging out of the app. The app uses a classical Spring Security setup for A&A; the logout is a POST request to the /logout endpoint, which redirects the user to the '/' URI. In case it helps - I can do one of the following:

• give you the link to the running app (the easiest and most straightforward solution);
• assemble a sample with a streamlined app and give you access to the Github repo;

The index.html file is a static file served by Tomcat, from a non-standard resources folder (resources/static/dist), as it contains the minified JavaScript and CSS files. The application.yml file was configured accordingly, using the support from the latest Spring Boot.

An excerpt from the application.yml file:

resources:
    cache-period: 604800 # one week, in seconds
    chain:
      cache: true
      gzipped: true
      enabled: true
    static-locations: classpath:/static/dist/

On specific MVC config - I have disabled the favoring of path extensions, as I need the functionality in order to stream some files from the app. The WebMvcConfigurerAdapter config is:

@Override
public void configureContentNegotiation(final ContentNegotiationConfigurer configurer) {
  configurer.favorPathExtension(false);
}

The same setup worked properly with Spring Boot 1.3.7 (and Spring 4.2.7, Tomcat 8.0.36).

Please tell me if you need any more info.

[wilkinsona]

@bogdansolga Can you pleased assemble a sample with a streamlined app? It would be very helpful as it's hard to piece together exactly what you're doing from the description above.

[bogdansolga]

@wilkinsona and @bclozel - I have created this small project to demo the issue.

From an UI perspective - it would still need some fixes to the Angular modules, but it suffices to demonstrate the issue. Just login (using test / test) and then click on 'Logout'.

In case it matters - I have put the resources in the default location (resources/static), not in a custom configured folder (resources/static/dist). I can easily adapt the project to use a custom location, in case it makes any difference.

Please tell me if you need any further details.

[wilkinsona]

@bogdansolga Thanks very much. I've reproduced the problem.

[wilkinsona]

This is due to a change in Spring Framework's ResourceHttpRequestHandler. It now uses ContentNegotiationManager to determine the resource's MediaType. With favorPathExtension set to false, it falls back to HeaderContentNegotationStrategy which, based on the Accept header, means that application/json is used.

I've opened SPR-14577 to track the behaviour change in ResourceHttpRequestHandler.

There's nothing to be done in Spring Boot for this issue so I'm going to close this issue. We'll pick up any fix that's made as part of #6561. A temporary workaround is to leave favorPathExtension set to true.