Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Ordering of `WebMvcMetricsFilter` breaks character encoding

See original GitHub issue

Actuator’s WebMvcMetricsFilter has a hard-coded order of Ordered.HIGHEST_PRECEDENCE, which in practice puts it ahead of CharacterEncodingFilter. Since WebMvcMetricsFilter performs the mapping introspection, under some circumstances it will touch the POST data hence breaking the CharacterEncodingFilter.

I’ve managed to put together a sample app that exhibits this behavior with a specific set of request mapping paths. After starting the app, issue the following HTTP POST request (samples use HTTPie):

$ http -f POST :8080/pv/post name='Vedran Pavić' Content-Type:'application/x-www-form-urlencoded'
HTTP/1.1 200 
Content-Length: 21
Content-Type: text/plain;charset=UTF-8
Date: Thu, 11 Jan 2018 17:58:44 GMT

Hello Vedran PaviÄ

When spring-boot-starter-actuator is removed from the dependencies, which gets WebMvcMetricsFilter out of the picture, request is processed as expected:

$ http -f POST :8080/pv/post name='Vedran Pavić' Content-Type:'application/x-www-form-urlencoded'
HTTP/1.1 200 
Content-Length: 19
Content-Type: text/plain;charset=UTF-8
Date: Thu, 11 Jan 2018 17:59:32 GMT

Hello Vedran Pavić

Issue Analytics

State:
Created 6 years ago
Comments:12 (5 by maintainers)

Top GitHub Comments

1reaction

vpaviccommented, Jan 16, 2018

Remove @GetMapping which use parameter based mapping, then post will work fine or remove the path variable from post then it will work fine.

I wouldn’t call this a workaround as it requires you to drop the handler mapping that’s perfectly valid. The actual workaround that’s viable would involve, as you initially suggested, extending the CharacterEncodingFilter to implement PriorityOrdered and replace the OrderedCharacterEncodingFilter provided by Boot.

That being said, I’m not sure Boot should make implementing PriorityOrdered a permanent fix as it sounds a bit extreme measure for a web filter (are there any web filters implementing PriorityOrdered across the Spring projects?). Additionally, if for some reason users really do want to get something in front of CharacterEncodingFilter that would be a potential problem for them. And like with the current situation, if in the future there is some other framework provided filter that also implements PriorityOrdered with the same order we’d have the same situation (that’s why IMO web filter implementing PriorityOrdered is a dangerous precedent).

IMO Boot should consider having a well defined (and tested) order of web filters it provides/configures which would make it easier both for Boot itself and users to add new filters to the mix as the results would be predictable.

1reaction

sriki77commented, Jan 12, 2018

Should the CharacterEncodingFilter be made to implement PriorityOrdered with highest precedence?

Top Results From Across the Web

DOMDocument breaks encoding? - php - Stack Overflow

Here's a workaround that adds the proper encoding via meta header: $DOM->loadHTML('<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />' .

Declaring character encodings in HTML - W3C

Question. How should I declare the encoding of my HTML file? You should always specify the encoding used for an HTML or XML...

Byte order mark - Wikipedia

The byte order mark (BOM) is a particular usage of the special Unicode character, U+FEFF BYTE ORDER MARK, whose appearance as a magic...

about Character Encoding - PowerShell | Microsoft Learn

Character encoding in Windows PowerShell · Ascii Uses Ascii (7-bit) character set. · BigEndianUnicode Uses UTF-16 with the big-endian byte order.

UTF-8: The Secret of Character Encoding - HTML Purifier

Byte Order Mark (headers already sent!) Fonts. Obscure scripts; Occasional use. Dealing with variable width in functions. Further Reading. Finding the real ...