Skip to content

Propagate HTTP headers in ExceptionUtil #7352

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
labkey-jeckels merged 2 commits into from
Jan 23, 2026
Merged

Propagate HTTP headers in ExceptionUtil #7352

labkey-jeckels merged 2 commits into from
Jan 23, 2026

Conversation

@labkey-jeckels
Copy link
Contributor

@labkey-jeckels labkey-jeckels commented Jan 22, 2026

Rationale

We don't want to reset all HTTP headers when returning a 401 or other error page

Changes

  • Retain HTTP headers like CSP and Strict-Transport-Security
  • Minor code cleanup and Java 25 syntax

@labkey-jeckels labkey-jeckels self-assigned this Jan 22, 2026
labkey-matthewb
labkey-matthewb reviewed Jan 22, 2026
View reviewed changes
api/src/org/labkey/api/util/ExceptionUtil.java

response.reset();

securityHeaders.forEach(response::setHeader);
Copy link
Contributor

@labkey-matthewb labkey-matthewb Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should this test response.isCommitted()? Will it throw if setHeader() is called late?

Copy link
Contributor Author

@labkey-jeckels labkey-jeckels Jan 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is all inside of if (!response.isCommitted()). See line 823, just outside the lines shown in the diff.

labkey-tchad
labkey-tchad approved these changes Jan 23, 2026
View reviewed changes
Copy link
Member

@labkey-tchad labkey-tchad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Manual test didn't turn up any problems and TeamCity seems happy.

@labkey-jeckels labkey-jeckels merged commit ff665a1 into develop Jan 23, 2026
13 checks passed
@labkey-jeckels labkey-jeckels deleted the fb_792_httpHeadersOnError branch January 23, 2026 23:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@labkey-matthewb labkey-matthewb labkey-matthewb approved these changes

@labkey-tchad labkey-tchad labkey-tchad approved these changes

Assignees

@labkey-jeckels labkey-jeckels

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@labkey-jeckels @labkey-tchad @labkey-matthewb