Is '*' a valid wildcard for a content type according to HTTP spec?











up vote
2
down vote

favorite
1












We're using the Jersey reference implementation of Jax-RS. The Jax-RS client implementation of Jersey is appending a default accept header to the request if no accept header is specified. The default accept header looks like this:



Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 


As you can see, it uses a single asterisk '*' as content-type (after image/jpeg).



In the Jax-RS spec (see here), this single * is defined as



/**
* The value of a type or subtype wildcard {@value #MEDIA_TYPE_WILDCARD}.
*/
public static final String MEDIA_TYPE_WILDCARD = "*";


which I interpret as "wildcard for any media type"



The '*/*' is defined as



/**
* A {@code String} constant representing wildcard {@value #WILDCARD} media type .
*/
public final static String WILDCARD = "*/*";


which I interpret as "wildcard for any media range"



However, the HTTP spec (RFC7231) does not mention an "any media type" wildcard, only media-range wildcards:



media-range    = ( "*/*"
/ ( type "/" "*" )
/ ( type "/" subtype )
) *( OWS ";" OWS parameter )

(..)

The asterisk "*" character is used to group media types into ranges,
with "*/*" indicating all media types and "type/*" indicating all
subtypes of that type. The media-range can include media type
parameters that are applicable to that range.


Which I interpret as allowed content-types:




  • */*

  • text/*

  • text/plain


in other words, the content type has to be always of the form "something slash something" or "a single * is not a valid content type". Although, the latter is not explicitly stated.



Now both specs are publicly standardized, with the HTTP spec being somewhat the parent document to the Jax-RS spec as Jax-RS is based on HTTP. IMHO both standards contradict each other regarding the wildcard content types.



Question is, what is applicable?




  • Is a single asterisk "*" a valid content type (allowing the server to respond with any content type")

  • OR should the use of the single asterisk should produce an error? If yes, which one?


    • 400 Bad Requst

    • 406 not acceptable



  • OR should the server be more tolerant and treat the * same as the wildcard */* although * is no valid content type (and probably produce a warning in the log or something)?










share|improve this question
























  • I think it is important to know which client are you referring to when you say "The Jax-RS client implementation of Jersey is appending a default accept header to the request". Can you please clarify?
    – Ankur Chrungoo
    Nov 21 at 10:08










  • I create & use a Jax-RS client using the Jersey reference implementation. When I don't specify an accept header, Jersey sets the default header (see here stackoverflow.com/questions/40900870/…)
    – Gerald Mücke
    Nov 21 at 10:17















up vote
2
down vote

favorite
1












We're using the Jersey reference implementation of Jax-RS. The Jax-RS client implementation of Jersey is appending a default accept header to the request if no accept header is specified. The default accept header looks like this:



Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 


As you can see, it uses a single asterisk '*' as content-type (after image/jpeg).



In the Jax-RS spec (see here), this single * is defined as



/**
* The value of a type or subtype wildcard {@value #MEDIA_TYPE_WILDCARD}.
*/
public static final String MEDIA_TYPE_WILDCARD = "*";


which I interpret as "wildcard for any media type"



The '*/*' is defined as



/**
* A {@code String} constant representing wildcard {@value #WILDCARD} media type .
*/
public final static String WILDCARD = "*/*";


which I interpret as "wildcard for any media range"



However, the HTTP spec (RFC7231) does not mention an "any media type" wildcard, only media-range wildcards:



media-range    = ( "*/*"
/ ( type "/" "*" )
/ ( type "/" subtype )
) *( OWS ";" OWS parameter )

(..)

The asterisk "*" character is used to group media types into ranges,
with "*/*" indicating all media types and "type/*" indicating all
subtypes of that type. The media-range can include media type
parameters that are applicable to that range.


Which I interpret as allowed content-types:




  • */*

  • text/*

  • text/plain


in other words, the content type has to be always of the form "something slash something" or "a single * is not a valid content type". Although, the latter is not explicitly stated.



Now both specs are publicly standardized, with the HTTP spec being somewhat the parent document to the Jax-RS spec as Jax-RS is based on HTTP. IMHO both standards contradict each other regarding the wildcard content types.



Question is, what is applicable?




  • Is a single asterisk "*" a valid content type (allowing the server to respond with any content type")

  • OR should the use of the single asterisk should produce an error? If yes, which one?


    • 400 Bad Requst

    • 406 not acceptable



  • OR should the server be more tolerant and treat the * same as the wildcard */* although * is no valid content type (and probably produce a warning in the log or something)?










share|improve this question
























  • I think it is important to know which client are you referring to when you say "The Jax-RS client implementation of Jersey is appending a default accept header to the request". Can you please clarify?
    – Ankur Chrungoo
    Nov 21 at 10:08










  • I create & use a Jax-RS client using the Jersey reference implementation. When I don't specify an accept header, Jersey sets the default header (see here stackoverflow.com/questions/40900870/…)
    – Gerald Mücke
    Nov 21 at 10:17













up vote
2
down vote

favorite
1









up vote
2
down vote

favorite
1






1





We're using the Jersey reference implementation of Jax-RS. The Jax-RS client implementation of Jersey is appending a default accept header to the request if no accept header is specified. The default accept header looks like this:



Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 


As you can see, it uses a single asterisk '*' as content-type (after image/jpeg).



In the Jax-RS spec (see here), this single * is defined as



/**
* The value of a type or subtype wildcard {@value #MEDIA_TYPE_WILDCARD}.
*/
public static final String MEDIA_TYPE_WILDCARD = "*";


which I interpret as "wildcard for any media type"



The '*/*' is defined as



/**
* A {@code String} constant representing wildcard {@value #WILDCARD} media type .
*/
public final static String WILDCARD = "*/*";


which I interpret as "wildcard for any media range"



However, the HTTP spec (RFC7231) does not mention an "any media type" wildcard, only media-range wildcards:



media-range    = ( "*/*"
/ ( type "/" "*" )
/ ( type "/" subtype )
) *( OWS ";" OWS parameter )

(..)

The asterisk "*" character is used to group media types into ranges,
with "*/*" indicating all media types and "type/*" indicating all
subtypes of that type. The media-range can include media type
parameters that are applicable to that range.


Which I interpret as allowed content-types:




  • */*

  • text/*

  • text/plain


in other words, the content type has to be always of the form "something slash something" or "a single * is not a valid content type". Although, the latter is not explicitly stated.



Now both specs are publicly standardized, with the HTTP spec being somewhat the parent document to the Jax-RS spec as Jax-RS is based on HTTP. IMHO both standards contradict each other regarding the wildcard content types.



Question is, what is applicable?




  • Is a single asterisk "*" a valid content type (allowing the server to respond with any content type")

  • OR should the use of the single asterisk should produce an error? If yes, which one?


    • 400 Bad Requst

    • 406 not acceptable



  • OR should the server be more tolerant and treat the * same as the wildcard */* although * is no valid content type (and probably produce a warning in the log or something)?










share|improve this question















We're using the Jersey reference implementation of Jax-RS. The Jax-RS client implementation of Jersey is appending a default accept header to the request if no accept header is specified. The default accept header looks like this:



Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 


As you can see, it uses a single asterisk '*' as content-type (after image/jpeg).



In the Jax-RS spec (see here), this single * is defined as



/**
* The value of a type or subtype wildcard {@value #MEDIA_TYPE_WILDCARD}.
*/
public static final String MEDIA_TYPE_WILDCARD = "*";


which I interpret as "wildcard for any media type"



The '*/*' is defined as



/**
* A {@code String} constant representing wildcard {@value #WILDCARD} media type .
*/
public final static String WILDCARD = "*/*";


which I interpret as "wildcard for any media range"



However, the HTTP spec (RFC7231) does not mention an "any media type" wildcard, only media-range wildcards:



media-range    = ( "*/*"
/ ( type "/" "*" )
/ ( type "/" subtype )
) *( OWS ";" OWS parameter )

(..)

The asterisk "*" character is used to group media types into ranges,
with "*/*" indicating all media types and "type/*" indicating all
subtypes of that type. The media-range can include media type
parameters that are applicable to that range.


Which I interpret as allowed content-types:




  • */*

  • text/*

  • text/plain


in other words, the content type has to be always of the form "something slash something" or "a single * is not a valid content type". Although, the latter is not explicitly stated.



Now both specs are publicly standardized, with the HTTP spec being somewhat the parent document to the Jax-RS spec as Jax-RS is based on HTTP. IMHO both standards contradict each other regarding the wildcard content types.



Question is, what is applicable?




  • Is a single asterisk "*" a valid content type (allowing the server to respond with any content type")

  • OR should the use of the single asterisk should produce an error? If yes, which one?


    • 400 Bad Requst

    • 406 not acceptable



  • OR should the server be more tolerant and treat the * same as the wildcard */* although * is no valid content type (and probably produce a warning in the log or something)?







java http jax-rs http-accept-header






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Nov 23 at 6:20

























asked Nov 21 at 9:24









Gerald Mücke

6,60412146




6,60412146












  • I think it is important to know which client are you referring to when you say "The Jax-RS client implementation of Jersey is appending a default accept header to the request". Can you please clarify?
    – Ankur Chrungoo
    Nov 21 at 10:08










  • I create & use a Jax-RS client using the Jersey reference implementation. When I don't specify an accept header, Jersey sets the default header (see here stackoverflow.com/questions/40900870/…)
    – Gerald Mücke
    Nov 21 at 10:17


















  • I think it is important to know which client are you referring to when you say "The Jax-RS client implementation of Jersey is appending a default accept header to the request". Can you please clarify?
    – Ankur Chrungoo
    Nov 21 at 10:08










  • I create & use a Jax-RS client using the Jersey reference implementation. When I don't specify an accept header, Jersey sets the default header (see here stackoverflow.com/questions/40900870/…)
    – Gerald Mücke
    Nov 21 at 10:17
















I think it is important to know which client are you referring to when you say "The Jax-RS client implementation of Jersey is appending a default accept header to the request". Can you please clarify?
– Ankur Chrungoo
Nov 21 at 10:08




I think it is important to know which client are you referring to when you say "The Jax-RS client implementation of Jersey is appending a default accept header to the request". Can you please clarify?
– Ankur Chrungoo
Nov 21 at 10:08












I create & use a Jax-RS client using the Jersey reference implementation. When I don't specify an accept header, Jersey sets the default header (see here stackoverflow.com/questions/40900870/…)
– Gerald Mücke
Nov 21 at 10:17




I create & use a Jax-RS client using the Jersey reference implementation. When I don't specify an accept header, Jersey sets the default header (see here stackoverflow.com/questions/40900870/…)
– Gerald Mücke
Nov 21 at 10:17












2 Answers
2






active

oldest

votes

















up vote
2
down vote













You say:




which I interpret as "wildcard for any media type"




I think that is incorrect. It is a wildcard for type or subtype. The wildcard for any media type is defined as */*, like in the HTTP spec.



Also, when in doubt, follow the HTTP spec. In the end, that is the communication protocol you are using. The other party might not know about the Jax-RS spec.






share|improve this answer





















  • so you say, the jax-rs spec is incorrect (because it uses the * as wildcard for a content type)?
    – Gerald Mücke
    Nov 21 at 9:34






  • 1




    @GeraldMücke yes, it looks like that. On the other hand, following Postel, you might want to accept the * coming from a client and interpret it as */*.
    – Bart Friederichs
    Nov 21 at 9:35












  • The intention in JAX-RS is different. It is a matching on the target side. This is just for matching the incoming request - which has a concrete media type like e.g. application/json - to a service endpoint. If the ServiceEndpoint has e.g @Produces("/json") then it will be used. An endpoint with @Produces("*/xml") obviously will not. A ServiceEndpoing with @Produces(") will match every requested Accept.
    – struberg
    Nov 21 at 10:02










  • Problem is, the jersey client sends the * wildcard content type in the request to the server, what if the server side is not a Jax-RS based rest service?
    – Gerald Mücke
    Nov 21 at 10:09










  • @GeraldMücke well, that will certainly depend on the server. I doubt it will create serious problems, but you will have to test thoroughly.
    – Bart Friederichs
    Nov 21 at 10:23


















up vote
1
down vote













It seems to be a problem with the Jersey client library/code.



Looking through the JAX-RS specification at




https://download.oracle.com/otn-pub/jcp/jaxrs-2_0-fr-eval-spec/jsr339-jaxrs-2.0-final-spec.pdf?AuthParam=1542959568_b3be8ccd614accaf7749ade85e6ebf67




, I could not find any explicit mention of supporting a media type * . It explicitly mentions supported media types like "n/m" where m could be * or n and m could be *, but only * is nowhere mentioned.



A quote from the document:




First, let us define the client media type and the server media type
as those denoted by the Accept header in a request and the @Produces
annotation on a resource method, respectively. Let a client media type
be of the form n/m;q=v1, a server media type be of the form n/m;qs=v2
and a combined media type of the form n/m;q=v1;qs=v2;d=v3, where the
distance factor d is defined below. For any of these types, m could be
∗, or m and n could be ∗ and the values of q and qs are assumed to be
1.0 if absent




Thus, I believe there is something wrong with the Jersey client API which creates the default Accept header when there is no explicit one provided and sets its value to the one which you have mentioned, i.e.



Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 


Also, just to add here, the JAX-RS specification, mentions this:



(a) Filter M by removing members that do not meet the following criteria:
• The request method is supported. If no methods support the request method an implementation
MUST generate a NotAllowedException (405 status) and no entity. Note the
additional support for HEAD and OPTIONS described in Section 3.3.5.
• The media type of the request entity body (if any) is a supported input data format (see Section
3.5). If no methods support the media type of the request entity body an implementation
MUST generate a NotSupportedException (415 status) and no entity.
• At least one of the acceptable response entity body media types is a supported output data
format (see Section 3.5). If no methods support one of the acceptable response entity body
media types an implementation MUST generate a NotAcceptableException (406 status)
and no entity


Thus, 406 HTTP code would be appropriate if the requested media type (in Accept header) cannot be matched with any server supported methods' response media types.



However, in your case, there are various media types specified in the request including the generic one which supports all media types, so throwing an error wouldn't be the right thing to do, even though * is not exactly a correct media type.






share|improve this answer























  • Throwing an error is IMHO ok, as the request header field is malformed...
    – Julian Reschke
    Nov 21 at 13:38










  • @JulianReschke that would make it restrictive and possibly become a blocker for the reporter, since he also pointed to another link which mentions developers had a hard time removing the default Accept header. Also, as indicated by Bart above, robustness is a good idea to be considered here: en.wikipedia.org/wiki/Robustness_principle
    – Ankur Chrungoo
    Nov 21 at 13:56












  • Understood. I just wanted to point out that it's OK according to the spec. Also keep in mind that drastic error handling helps keeping the protocol clean without nasty interop problems. See XML or HTTP/2.
    – Julian Reschke
    Nov 21 at 14:07










  • Updated the URL link again, as it wasn't working earlier.
    – Ankur Chrungoo
    Nov 23 at 7:52










  • Corrected the response code from 415 to 406 in the description.
    – Ankur Chrungoo
    Nov 23 at 7:58











Your Answer






StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53408842%2fis-a-valid-wildcard-for-a-content-type-according-to-http-spec%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























2 Answers
2






active

oldest

votes








2 Answers
2






active

oldest

votes









active

oldest

votes






active

oldest

votes








up vote
2
down vote













You say:




which I interpret as "wildcard for any media type"




I think that is incorrect. It is a wildcard for type or subtype. The wildcard for any media type is defined as */*, like in the HTTP spec.



Also, when in doubt, follow the HTTP spec. In the end, that is the communication protocol you are using. The other party might not know about the Jax-RS spec.






share|improve this answer





















  • so you say, the jax-rs spec is incorrect (because it uses the * as wildcard for a content type)?
    – Gerald Mücke
    Nov 21 at 9:34






  • 1




    @GeraldMücke yes, it looks like that. On the other hand, following Postel, you might want to accept the * coming from a client and interpret it as */*.
    – Bart Friederichs
    Nov 21 at 9:35












  • The intention in JAX-RS is different. It is a matching on the target side. This is just for matching the incoming request - which has a concrete media type like e.g. application/json - to a service endpoint. If the ServiceEndpoint has e.g @Produces("/json") then it will be used. An endpoint with @Produces("*/xml") obviously will not. A ServiceEndpoing with @Produces(") will match every requested Accept.
    – struberg
    Nov 21 at 10:02










  • Problem is, the jersey client sends the * wildcard content type in the request to the server, what if the server side is not a Jax-RS based rest service?
    – Gerald Mücke
    Nov 21 at 10:09










  • @GeraldMücke well, that will certainly depend on the server. I doubt it will create serious problems, but you will have to test thoroughly.
    – Bart Friederichs
    Nov 21 at 10:23















up vote
2
down vote













You say:




which I interpret as "wildcard for any media type"




I think that is incorrect. It is a wildcard for type or subtype. The wildcard for any media type is defined as */*, like in the HTTP spec.



Also, when in doubt, follow the HTTP spec. In the end, that is the communication protocol you are using. The other party might not know about the Jax-RS spec.






share|improve this answer





















  • so you say, the jax-rs spec is incorrect (because it uses the * as wildcard for a content type)?
    – Gerald Mücke
    Nov 21 at 9:34






  • 1




    @GeraldMücke yes, it looks like that. On the other hand, following Postel, you might want to accept the * coming from a client and interpret it as */*.
    – Bart Friederichs
    Nov 21 at 9:35












  • The intention in JAX-RS is different. It is a matching on the target side. This is just for matching the incoming request - which has a concrete media type like e.g. application/json - to a service endpoint. If the ServiceEndpoint has e.g @Produces("/json") then it will be used. An endpoint with @Produces("*/xml") obviously will not. A ServiceEndpoing with @Produces(") will match every requested Accept.
    – struberg
    Nov 21 at 10:02










  • Problem is, the jersey client sends the * wildcard content type in the request to the server, what if the server side is not a Jax-RS based rest service?
    – Gerald Mücke
    Nov 21 at 10:09










  • @GeraldMücke well, that will certainly depend on the server. I doubt it will create serious problems, but you will have to test thoroughly.
    – Bart Friederichs
    Nov 21 at 10:23













up vote
2
down vote










up vote
2
down vote









You say:




which I interpret as "wildcard for any media type"




I think that is incorrect. It is a wildcard for type or subtype. The wildcard for any media type is defined as */*, like in the HTTP spec.



Also, when in doubt, follow the HTTP spec. In the end, that is the communication protocol you are using. The other party might not know about the Jax-RS spec.






share|improve this answer












You say:




which I interpret as "wildcard for any media type"




I think that is incorrect. It is a wildcard for type or subtype. The wildcard for any media type is defined as */*, like in the HTTP spec.



Also, when in doubt, follow the HTTP spec. In the end, that is the communication protocol you are using. The other party might not know about the Jax-RS spec.







share|improve this answer












share|improve this answer



share|improve this answer










answered Nov 21 at 9:33









Bart Friederichs

24.3k1162122




24.3k1162122












  • so you say, the jax-rs spec is incorrect (because it uses the * as wildcard for a content type)?
    – Gerald Mücke
    Nov 21 at 9:34






  • 1




    @GeraldMücke yes, it looks like that. On the other hand, following Postel, you might want to accept the * coming from a client and interpret it as */*.
    – Bart Friederichs
    Nov 21 at 9:35












  • The intention in JAX-RS is different. It is a matching on the target side. This is just for matching the incoming request - which has a concrete media type like e.g. application/json - to a service endpoint. If the ServiceEndpoint has e.g @Produces("/json") then it will be used. An endpoint with @Produces("*/xml") obviously will not. A ServiceEndpoing with @Produces(") will match every requested Accept.
    – struberg
    Nov 21 at 10:02










  • Problem is, the jersey client sends the * wildcard content type in the request to the server, what if the server side is not a Jax-RS based rest service?
    – Gerald Mücke
    Nov 21 at 10:09










  • @GeraldMücke well, that will certainly depend on the server. I doubt it will create serious problems, but you will have to test thoroughly.
    – Bart Friederichs
    Nov 21 at 10:23


















  • so you say, the jax-rs spec is incorrect (because it uses the * as wildcard for a content type)?
    – Gerald Mücke
    Nov 21 at 9:34






  • 1




    @GeraldMücke yes, it looks like that. On the other hand, following Postel, you might want to accept the * coming from a client and interpret it as */*.
    – Bart Friederichs
    Nov 21 at 9:35












  • The intention in JAX-RS is different. It is a matching on the target side. This is just for matching the incoming request - which has a concrete media type like e.g. application/json - to a service endpoint. If the ServiceEndpoint has e.g @Produces("/json") then it will be used. An endpoint with @Produces("*/xml") obviously will not. A ServiceEndpoing with @Produces(") will match every requested Accept.
    – struberg
    Nov 21 at 10:02










  • Problem is, the jersey client sends the * wildcard content type in the request to the server, what if the server side is not a Jax-RS based rest service?
    – Gerald Mücke
    Nov 21 at 10:09










  • @GeraldMücke well, that will certainly depend on the server. I doubt it will create serious problems, but you will have to test thoroughly.
    – Bart Friederichs
    Nov 21 at 10:23
















so you say, the jax-rs spec is incorrect (because it uses the * as wildcard for a content type)?
– Gerald Mücke
Nov 21 at 9:34




so you say, the jax-rs spec is incorrect (because it uses the * as wildcard for a content type)?
– Gerald Mücke
Nov 21 at 9:34




1




1




@GeraldMücke yes, it looks like that. On the other hand, following Postel, you might want to accept the * coming from a client and interpret it as */*.
– Bart Friederichs
Nov 21 at 9:35






@GeraldMücke yes, it looks like that. On the other hand, following Postel, you might want to accept the * coming from a client and interpret it as */*.
– Bart Friederichs
Nov 21 at 9:35














The intention in JAX-RS is different. It is a matching on the target side. This is just for matching the incoming request - which has a concrete media type like e.g. application/json - to a service endpoint. If the ServiceEndpoint has e.g @Produces("/json") then it will be used. An endpoint with @Produces("*/xml") obviously will not. A ServiceEndpoing with @Produces(") will match every requested Accept.
– struberg
Nov 21 at 10:02




The intention in JAX-RS is different. It is a matching on the target side. This is just for matching the incoming request - which has a concrete media type like e.g. application/json - to a service endpoint. If the ServiceEndpoint has e.g @Produces("/json") then it will be used. An endpoint with @Produces("*/xml") obviously will not. A ServiceEndpoing with @Produces(") will match every requested Accept.
– struberg
Nov 21 at 10:02












Problem is, the jersey client sends the * wildcard content type in the request to the server, what if the server side is not a Jax-RS based rest service?
– Gerald Mücke
Nov 21 at 10:09




Problem is, the jersey client sends the * wildcard content type in the request to the server, what if the server side is not a Jax-RS based rest service?
– Gerald Mücke
Nov 21 at 10:09












@GeraldMücke well, that will certainly depend on the server. I doubt it will create serious problems, but you will have to test thoroughly.
– Bart Friederichs
Nov 21 at 10:23




@GeraldMücke well, that will certainly depend on the server. I doubt it will create serious problems, but you will have to test thoroughly.
– Bart Friederichs
Nov 21 at 10:23












up vote
1
down vote













It seems to be a problem with the Jersey client library/code.



Looking through the JAX-RS specification at




https://download.oracle.com/otn-pub/jcp/jaxrs-2_0-fr-eval-spec/jsr339-jaxrs-2.0-final-spec.pdf?AuthParam=1542959568_b3be8ccd614accaf7749ade85e6ebf67




, I could not find any explicit mention of supporting a media type * . It explicitly mentions supported media types like "n/m" where m could be * or n and m could be *, but only * is nowhere mentioned.



A quote from the document:




First, let us define the client media type and the server media type
as those denoted by the Accept header in a request and the @Produces
annotation on a resource method, respectively. Let a client media type
be of the form n/m;q=v1, a server media type be of the form n/m;qs=v2
and a combined media type of the form n/m;q=v1;qs=v2;d=v3, where the
distance factor d is defined below. For any of these types, m could be
∗, or m and n could be ∗ and the values of q and qs are assumed to be
1.0 if absent




Thus, I believe there is something wrong with the Jersey client API which creates the default Accept header when there is no explicit one provided and sets its value to the one which you have mentioned, i.e.



Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 


Also, just to add here, the JAX-RS specification, mentions this:



(a) Filter M by removing members that do not meet the following criteria:
• The request method is supported. If no methods support the request method an implementation
MUST generate a NotAllowedException (405 status) and no entity. Note the
additional support for HEAD and OPTIONS described in Section 3.3.5.
• The media type of the request entity body (if any) is a supported input data format (see Section
3.5). If no methods support the media type of the request entity body an implementation
MUST generate a NotSupportedException (415 status) and no entity.
• At least one of the acceptable response entity body media types is a supported output data
format (see Section 3.5). If no methods support one of the acceptable response entity body
media types an implementation MUST generate a NotAcceptableException (406 status)
and no entity


Thus, 406 HTTP code would be appropriate if the requested media type (in Accept header) cannot be matched with any server supported methods' response media types.



However, in your case, there are various media types specified in the request including the generic one which supports all media types, so throwing an error wouldn't be the right thing to do, even though * is not exactly a correct media type.






share|improve this answer























  • Throwing an error is IMHO ok, as the request header field is malformed...
    – Julian Reschke
    Nov 21 at 13:38










  • @JulianReschke that would make it restrictive and possibly become a blocker for the reporter, since he also pointed to another link which mentions developers had a hard time removing the default Accept header. Also, as indicated by Bart above, robustness is a good idea to be considered here: en.wikipedia.org/wiki/Robustness_principle
    – Ankur Chrungoo
    Nov 21 at 13:56












  • Understood. I just wanted to point out that it's OK according to the spec. Also keep in mind that drastic error handling helps keeping the protocol clean without nasty interop problems. See XML or HTTP/2.
    – Julian Reschke
    Nov 21 at 14:07










  • Updated the URL link again, as it wasn't working earlier.
    – Ankur Chrungoo
    Nov 23 at 7:52










  • Corrected the response code from 415 to 406 in the description.
    – Ankur Chrungoo
    Nov 23 at 7:58















up vote
1
down vote













It seems to be a problem with the Jersey client library/code.



Looking through the JAX-RS specification at




https://download.oracle.com/otn-pub/jcp/jaxrs-2_0-fr-eval-spec/jsr339-jaxrs-2.0-final-spec.pdf?AuthParam=1542959568_b3be8ccd614accaf7749ade85e6ebf67




, I could not find any explicit mention of supporting a media type * . It explicitly mentions supported media types like "n/m" where m could be * or n and m could be *, but only * is nowhere mentioned.



A quote from the document:




First, let us define the client media type and the server media type
as those denoted by the Accept header in a request and the @Produces
annotation on a resource method, respectively. Let a client media type
be of the form n/m;q=v1, a server media type be of the form n/m;qs=v2
and a combined media type of the form n/m;q=v1;qs=v2;d=v3, where the
distance factor d is defined below. For any of these types, m could be
∗, or m and n could be ∗ and the values of q and qs are assumed to be
1.0 if absent




Thus, I believe there is something wrong with the Jersey client API which creates the default Accept header when there is no explicit one provided and sets its value to the one which you have mentioned, i.e.



Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 


Also, just to add here, the JAX-RS specification, mentions this:



(a) Filter M by removing members that do not meet the following criteria:
• The request method is supported. If no methods support the request method an implementation
MUST generate a NotAllowedException (405 status) and no entity. Note the
additional support for HEAD and OPTIONS described in Section 3.3.5.
• The media type of the request entity body (if any) is a supported input data format (see Section
3.5). If no methods support the media type of the request entity body an implementation
MUST generate a NotSupportedException (415 status) and no entity.
• At least one of the acceptable response entity body media types is a supported output data
format (see Section 3.5). If no methods support one of the acceptable response entity body
media types an implementation MUST generate a NotAcceptableException (406 status)
and no entity


Thus, 406 HTTP code would be appropriate if the requested media type (in Accept header) cannot be matched with any server supported methods' response media types.



However, in your case, there are various media types specified in the request including the generic one which supports all media types, so throwing an error wouldn't be the right thing to do, even though * is not exactly a correct media type.






share|improve this answer























  • Throwing an error is IMHO ok, as the request header field is malformed...
    – Julian Reschke
    Nov 21 at 13:38










  • @JulianReschke that would make it restrictive and possibly become a blocker for the reporter, since he also pointed to another link which mentions developers had a hard time removing the default Accept header. Also, as indicated by Bart above, robustness is a good idea to be considered here: en.wikipedia.org/wiki/Robustness_principle
    – Ankur Chrungoo
    Nov 21 at 13:56












  • Understood. I just wanted to point out that it's OK according to the spec. Also keep in mind that drastic error handling helps keeping the protocol clean without nasty interop problems. See XML or HTTP/2.
    – Julian Reschke
    Nov 21 at 14:07










  • Updated the URL link again, as it wasn't working earlier.
    – Ankur Chrungoo
    Nov 23 at 7:52










  • Corrected the response code from 415 to 406 in the description.
    – Ankur Chrungoo
    Nov 23 at 7:58













up vote
1
down vote










up vote
1
down vote









It seems to be a problem with the Jersey client library/code.



Looking through the JAX-RS specification at




https://download.oracle.com/otn-pub/jcp/jaxrs-2_0-fr-eval-spec/jsr339-jaxrs-2.0-final-spec.pdf?AuthParam=1542959568_b3be8ccd614accaf7749ade85e6ebf67




, I could not find any explicit mention of supporting a media type * . It explicitly mentions supported media types like "n/m" where m could be * or n and m could be *, but only * is nowhere mentioned.



A quote from the document:




First, let us define the client media type and the server media type
as those denoted by the Accept header in a request and the @Produces
annotation on a resource method, respectively. Let a client media type
be of the form n/m;q=v1, a server media type be of the form n/m;qs=v2
and a combined media type of the form n/m;q=v1;qs=v2;d=v3, where the
distance factor d is defined below. For any of these types, m could be
∗, or m and n could be ∗ and the values of q and qs are assumed to be
1.0 if absent




Thus, I believe there is something wrong with the Jersey client API which creates the default Accept header when there is no explicit one provided and sets its value to the one which you have mentioned, i.e.



Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 


Also, just to add here, the JAX-RS specification, mentions this:



(a) Filter M by removing members that do not meet the following criteria:
• The request method is supported. If no methods support the request method an implementation
MUST generate a NotAllowedException (405 status) and no entity. Note the
additional support for HEAD and OPTIONS described in Section 3.3.5.
• The media type of the request entity body (if any) is a supported input data format (see Section
3.5). If no methods support the media type of the request entity body an implementation
MUST generate a NotSupportedException (415 status) and no entity.
• At least one of the acceptable response entity body media types is a supported output data
format (see Section 3.5). If no methods support one of the acceptable response entity body
media types an implementation MUST generate a NotAcceptableException (406 status)
and no entity


Thus, 406 HTTP code would be appropriate if the requested media type (in Accept header) cannot be matched with any server supported methods' response media types.



However, in your case, there are various media types specified in the request including the generic one which supports all media types, so throwing an error wouldn't be the right thing to do, even though * is not exactly a correct media type.






share|improve this answer














It seems to be a problem with the Jersey client library/code.



Looking through the JAX-RS specification at




https://download.oracle.com/otn-pub/jcp/jaxrs-2_0-fr-eval-spec/jsr339-jaxrs-2.0-final-spec.pdf?AuthParam=1542959568_b3be8ccd614accaf7749ade85e6ebf67




, I could not find any explicit mention of supporting a media type * . It explicitly mentions supported media types like "n/m" where m could be * or n and m could be *, but only * is nowhere mentioned.



A quote from the document:




First, let us define the client media type and the server media type
as those denoted by the Accept header in a request and the @Produces
annotation on a resource method, respectively. Let a client media type
be of the form n/m;q=v1, a server media type be of the form n/m;qs=v2
and a combined media type of the form n/m;q=v1;qs=v2;d=v3, where the
distance factor d is defined below. For any of these types, m could be
∗, or m and n could be ∗ and the values of q and qs are assumed to be
1.0 if absent




Thus, I believe there is something wrong with the Jersey client API which creates the default Accept header when there is no explicit one provided and sets its value to the one which you have mentioned, i.e.



Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 


Also, just to add here, the JAX-RS specification, mentions this:



(a) Filter M by removing members that do not meet the following criteria:
• The request method is supported. If no methods support the request method an implementation
MUST generate a NotAllowedException (405 status) and no entity. Note the
additional support for HEAD and OPTIONS described in Section 3.3.5.
• The media type of the request entity body (if any) is a supported input data format (see Section
3.5). If no methods support the media type of the request entity body an implementation
MUST generate a NotSupportedException (415 status) and no entity.
• At least one of the acceptable response entity body media types is a supported output data
format (see Section 3.5). If no methods support one of the acceptable response entity body
media types an implementation MUST generate a NotAcceptableException (406 status)
and no entity


Thus, 406 HTTP code would be appropriate if the requested media type (in Accept header) cannot be matched with any server supported methods' response media types.



However, in your case, there are various media types specified in the request including the generic one which supports all media types, so throwing an error wouldn't be the right thing to do, even though * is not exactly a correct media type.







share|improve this answer














share|improve this answer



share|improve this answer








edited Nov 23 at 7:58

























answered Nov 21 at 11:44









Ankur Chrungoo

43116




43116












  • Throwing an error is IMHO ok, as the request header field is malformed...
    – Julian Reschke
    Nov 21 at 13:38










  • @JulianReschke that would make it restrictive and possibly become a blocker for the reporter, since he also pointed to another link which mentions developers had a hard time removing the default Accept header. Also, as indicated by Bart above, robustness is a good idea to be considered here: en.wikipedia.org/wiki/Robustness_principle
    – Ankur Chrungoo
    Nov 21 at 13:56












  • Understood. I just wanted to point out that it's OK according to the spec. Also keep in mind that drastic error handling helps keeping the protocol clean without nasty interop problems. See XML or HTTP/2.
    – Julian Reschke
    Nov 21 at 14:07










  • Updated the URL link again, as it wasn't working earlier.
    – Ankur Chrungoo
    Nov 23 at 7:52










  • Corrected the response code from 415 to 406 in the description.
    – Ankur Chrungoo
    Nov 23 at 7:58


















  • Throwing an error is IMHO ok, as the request header field is malformed...
    – Julian Reschke
    Nov 21 at 13:38










  • @JulianReschke that would make it restrictive and possibly become a blocker for the reporter, since he also pointed to another link which mentions developers had a hard time removing the default Accept header. Also, as indicated by Bart above, robustness is a good idea to be considered here: en.wikipedia.org/wiki/Robustness_principle
    – Ankur Chrungoo
    Nov 21 at 13:56












  • Understood. I just wanted to point out that it's OK according to the spec. Also keep in mind that drastic error handling helps keeping the protocol clean without nasty interop problems. See XML or HTTP/2.
    – Julian Reschke
    Nov 21 at 14:07










  • Updated the URL link again, as it wasn't working earlier.
    – Ankur Chrungoo
    Nov 23 at 7:52










  • Corrected the response code from 415 to 406 in the description.
    – Ankur Chrungoo
    Nov 23 at 7:58
















Throwing an error is IMHO ok, as the request header field is malformed...
– Julian Reschke
Nov 21 at 13:38




Throwing an error is IMHO ok, as the request header field is malformed...
– Julian Reschke
Nov 21 at 13:38












@JulianReschke that would make it restrictive and possibly become a blocker for the reporter, since he also pointed to another link which mentions developers had a hard time removing the default Accept header. Also, as indicated by Bart above, robustness is a good idea to be considered here: en.wikipedia.org/wiki/Robustness_principle
– Ankur Chrungoo
Nov 21 at 13:56






@JulianReschke that would make it restrictive and possibly become a blocker for the reporter, since he also pointed to another link which mentions developers had a hard time removing the default Accept header. Also, as indicated by Bart above, robustness is a good idea to be considered here: en.wikipedia.org/wiki/Robustness_principle
– Ankur Chrungoo
Nov 21 at 13:56














Understood. I just wanted to point out that it's OK according to the spec. Also keep in mind that drastic error handling helps keeping the protocol clean without nasty interop problems. See XML or HTTP/2.
– Julian Reschke
Nov 21 at 14:07




Understood. I just wanted to point out that it's OK according to the spec. Also keep in mind that drastic error handling helps keeping the protocol clean without nasty interop problems. See XML or HTTP/2.
– Julian Reschke
Nov 21 at 14:07












Updated the URL link again, as it wasn't working earlier.
– Ankur Chrungoo
Nov 23 at 7:52




Updated the URL link again, as it wasn't working earlier.
– Ankur Chrungoo
Nov 23 at 7:52












Corrected the response code from 415 to 406 in the description.
– Ankur Chrungoo
Nov 23 at 7:58




Corrected the response code from 415 to 406 in the description.
– Ankur Chrungoo
Nov 23 at 7:58


















draft saved

draft discarded




















































Thanks for contributing an answer to Stack Overflow!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.





Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


Please pay close attention to the following guidance:


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53408842%2fis-a-valid-wildcard-for-a-content-type-according-to-http-spec%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

Berounka

Sphinx de Gizeh

Different font size/position of beamer's navigation symbols template's content depending on regular/plain...