Issue #2838949 by damiankloip: HttpException Handling Does Not Pass Headers to...

Issue #2838949 by damiankloip: HttpException Handling Does Not Pass Headers to Responses — results e.g. in missing Allow header for 405 responses

core/lib/Drupal/Core/EventSubscriber/ExceptionJsonSubscriber.php

@@ -35,7 +35,7 @@ protected static function getPriority() {
   public function on4xx(GetResponseForExceptionEvent $event) {
     /** @var \Symfony\Component\HttpKernel\Exception\HttpExceptionInterface $exception */
     $exception = $event->getException();
-    $response = new JsonResponse(['message' => $event->getException()->getMessage()], $exception->getStatusCode());
+    $response = new JsonResponse(['message' => $event->getException()->getMessage()], $exception->getStatusCode(), $exception->getHeaders());
     $event->setResponse($response);
   }
 

core/modules/rest/tests/src/Functional/EntityResource/EntityResourceTestBase.php

@@ -666,6 +666,7 @@ public function testPatch() {
     $response = $this->request('PATCH', $url, $request_options);
     if ($has_canonical_url) {
       $this->assertSame(405, $response->getStatusCode());
+      $this->assertSame(['GET, POST, HEAD'], $response->getHeader('Allow'));
       $this->assertSame(['text/html; charset=UTF-8'], $response->getHeader('Content-Type'));
     }
     else {
@@ -678,6 +679,7 @@ public function testPatch() {
 
     // DX: 405 when resource not provisioned.
     $response = $this->request('PATCH', $url, $request_options);
+    $this->assertSame(['GET, POST, HEAD'], $response->getHeader('Allow'));
     $this->assertResourceErrorResponse(405, 'No route found for "PATCH ' . str_replace($this->baseUrl, '', $this->getUrl()->setAbsolute()->toString()) . '": Method Not Allowed (Allow: GET, POST, HEAD)', $response);
 
 
@@ -861,6 +863,7 @@ public function testDelete() {
     $response = $this->request('DELETE', $url, $request_options);
     if ($has_canonical_url) {
       $this->assertSame(405, $response->getStatusCode());
+      $this->assertSame(['GET, POST, HEAD'], $response->getHeader('Allow'));
       $this->assertSame(['text/html; charset=UTF-8'], $response->getHeader('Content-Type'));
     }
     else {
@@ -873,6 +876,7 @@ public function testDelete() {
 
     // DX: 405 when resource not provisioned.
     $response = $this->request('DELETE', $url, $request_options);
+    $this->assertSame(['GET, POST, HEAD'], $response->getHeader('Allow'));
     $this->assertResourceErrorResponse(405, 'No route found for "DELETE ' . str_replace($this->baseUrl, '', $this->getUrl()->setAbsolute()->toString()) . '": Method Not Allowed (Allow: GET, POST, HEAD)', $response);
 
 

core/modules/serialization/src/EventSubscriber/DefaultExceptionSubscriber.php

@@ -64,12 +64,17 @@ protected static function getPriority() {
   public function on4xx(GetResponseForExceptionEvent $event) {
     /** @var \Symfony\Component\HttpKernel\Exception\HttpExceptionInterface $exception */
     $exception = $event->getException();
+    $request = $event->getRequest();
 
-    $format = $event->getRequest()->getRequestFormat();
+    $format = $request->getRequestFormat();
     $content = ['message' => $event->getException()->getMessage()];
     $encoded_content = $this->serializer->serialize($content, $format);
+    $headers = $exception->getHeaders();
 
-    $response = new Response($encoded_content, $exception->getStatusCode());
+    // Add the MIME type from the request to send back in the header.
+    $headers['Content-Type'] = $request->getMimeType($format);
+
+    $response = new Response($encoded_content, $exception->getStatusCode(), $headers);
     $event->setResponse($response);
   }
 

core/modules/serialization/tests/src/Unit/EventSubscriber/DefaultExceptionSubscriberTest.php

+<?php
+
+namespace Drupal\Tests\serialization\Unit\EventSubscriber;
+
+use Drupal\serialization\Encoder\JsonEncoder;
+use Drupal\serialization\EventSubscriber\DefaultExceptionSubscriber;
+use Drupal\Tests\UnitTestCase;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
+use Symfony\Component\HttpKernel\Exception\MethodNotAllowedHttpException;
+use Symfony\Component\HttpKernel\HttpKernelInterface;
+use Symfony\Component\Serializer\Serializer;
+
+/**
+ * @coversDefaultClass \Drupal\serialization\EventSubscriber\DefaultExceptionSubscriber
+ * @group serialization
+ */
+class DefaultExceptionSubscriberTest extends UnitTestCase {
+
+  /**
+   * @covers ::on4xx
+   */
+  public function testOn4xx() {
+    $kernel = $this->prophesize(HttpKernelInterface::class);
+    $request = Request::create('/test');
+    $request->setRequestFormat('json');
+
+    $e = new MethodNotAllowedHttpException(['POST', 'PUT'], 'test message');
+    $event = new GetResponseForExceptionEvent($kernel->reveal(), $request, 'GET', $e);
+    $subscriber = new DefaultExceptionSubscriber(new Serializer([], [new JsonEncoder()]), []);
+    $subscriber->on4xx($event);
+    $response = $event->getResponse();
+
+    $this->assertInstanceOf(Response::class, $response);
+    $this->assertEquals('{"message":"test message"}', $response->getContent());
+    $this->assertEquals(405, $response->getStatusCode());
+    $this->assertEquals('POST, PUT', $response->headers->get('Allow'));
+    $this->assertEquals('application/json', $response->headers->get('Content-Type'));
+  }
+
+}

core/tests/Drupal/Tests/Core/EventSubscriber/DefaultExceptionSubscriberTest.php

@@ -23,10 +23,9 @@ class DefaultExceptionSubscriberTest extends UnitTestCase {
   public function testOnExceptionWithUnknownFormat() {
     $config_factory = $this->getConfigFactoryStub();
 
-    // Format 'bananas' requested, yet only 'json' allowed.
     $kernel = $this->prophesize(HttpKernelInterface::class);
     $request = Request::create('/test?_format=bananas');
-    $e = new MethodNotAllowedHttpException(['json'], 'test message');
+    $e = new MethodNotAllowedHttpException(['POST', 'PUT'], 'test message');
     $event = new GetResponseForExceptionEvent($kernel->reveal(), $request, 'GET', $e);
     $subscriber = new DefaultExceptionSubscriber($config_factory);
     $subscriber->onException($event);
@@ -35,6 +34,9 @@ public function testOnExceptionWithUnknownFormat() {
     $this->assertInstanceOf(Response::class, $response);
     $this->assertEquals('test message', $response->getContent());
     $this->assertEquals(405, $response->getStatusCode());
+    $this->assertEquals('POST, PUT', $response->headers->get('Allow'));
+    // Also check that that text/plain content type was added.
+    $this->assertEquals('text/plain', $response->headers->get('Content-Type'));
   }
 
 }

core/tests/Drupal/Tests/Core/EventSubscriber/ExceptionJsonSubscriberTest.php

+<?php
+
+namespace Drupal\Tests\Core\EventSubscriber;
+
+use Drupal\Core\EventSubscriber\ExceptionJsonSubscriber;
+use Drupal\Tests\UnitTestCase;
+use Symfony\Component\HttpFoundation\JsonResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent;
+use Symfony\Component\HttpKernel\Exception\MethodNotAllowedHttpException;
+use Symfony\Component\HttpKernel\HttpKernelInterface;
+
+/**
+ * @coversDefaultClass \Drupal\Core\EventSubscriber\ExceptionJsonSubscriber
+ * @group EventSubscriber
+ */
+class ExceptionJsonSubscriberTest extends UnitTestCase {
+
+  /**
+   * @covers ::on4xx
+   */
+  public function testOn4xx() {
+    $kernel = $this->prophesize(HttpKernelInterface::class);
+    $request = Request::create('/test');
+    $e = new MethodNotAllowedHttpException(['POST', 'PUT'], 'test message');
+    $event = new GetResponseForExceptionEvent($kernel->reveal(), $request, 'GET', $e);
+    $subscriber = new ExceptionJsonSubscriber();
+    $subscriber->on4xx($event);
+    $response = $event->getResponse();
+
+    $this->assertInstanceOf(JsonResponse::class, $response);
+    $this->assertEquals('{"message":"test message"}', $response->getContent());
+    $this->assertEquals(405, $response->getStatusCode());
+    $this->assertEquals('POST, PUT', $response->headers->get('Allow'));
+    $this->assertEquals('application/json', $response->headers->get('Content-Type'));
+  }
+
+}