[
https://issues.apache.org/jira/browse/CXF-8154?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16973520#comment-16973520
]
Mike Kelly commented on CXF-8154:
---------------------------------
Indeed, I had remembered seeing reason phrases from other parts of my
application in the past, but I see that now none of those endpoints are
returning it, so yes, it must be related to a semi-recent Tomcat change.
Thanks for checking this.
I guess their reason for removing this is to reduce the risk of response
splitting attacks and the like?
Most of my errors already have some clear response body that includes more
description of the problem (as provided by the default handlers from Spring
Boot), but for some errors triggered from CXF, I get an empty response body.
Is there a recommended extension point for CXF / JAX-RS that I can use to add
such behavior myself?
For example, if I make a request with an unsupported method (e.g. a POST
request to a path that only has {{@GET}} mappings), I just get something back
like this (some headers from Spring Security, cookies, etc omitted):
{noformat}
HTTP/1.1 405
Allow: DELETE,POST,GET,PUT,OPTIONS,HEAD
Content-Length: 0
{noformat}
Is there a good way that I can reliably intercept the exception handling close
to when that response is sent, and add my own custom response body? I see a
{{JAXRSDefaultFaultOutInterceptor}}, but that appears to be XML-specific?
> No "Reason Phrase" Sent with HTTP Responses
> -------------------------------------------
>
> Key: CXF-8154
> URL: https://issues.apache.org/jira/browse/CXF-8154
> Project: CXF
> Issue Type: Bug
> Components: JAX-RS
> Affects Versions: 3.3.4
> Environment: Apache Tomcat 8.5, OpenJDK 1.8
> Reporter: Mike Kelly
> Priority: Minor
>
> When I throw, for example, a {{javax.ws.rs.NotFoundException}}, my
> expectation is that the response would start with a Status Line like:
> {noformat}
> HTTP/1.1 404 Not Found
> {noformat}
> However, I just get a response like:
> {noformat}
> HTTP/1.1 404
> {noformat}
> This seems to be true both if I provide a {{message}} when I construct the
> exception, or if I use the no argument constructor.
> This is similarly true for any exceptions triggered internally by CXF, for
> example if I make a request with an unsupported method. The stack trace in my
> logs shows a {{javax.ws.rs.ClientErrorException: HTTP 406 Not Acceptable}},
> but the response just shows {{HTTP/1.1 406}}.
> My expectation is that either the appropriate default "reason phrase", or the
> {{message}} I provided to my constructed exception, would be returned to the
> caller?
> My reading of RFC 2616 is that such a reason phrase is not optional:
> https://tools.ietf.org/html/rfc2616#section-6.1
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
