Skip to content

fix: handle unparseable mime-type #4939

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

fix: handle unparseable mime-type #4939

wants to merge 3 commits into from
+27 −4

Conversation

@diogoosorio
Copy link

@diogoosorio diogoosorio commented Nov 28, 2025
edited
Loading

📜 Description

Caught this one in production in one of our apps

image

Which we could easily replicate by sending a request with a Content-Type: invalid (which is indeed an invalid mime-type). The app returns a 500 error.

💡 Motivation and Context

This shouldn't cause an exception on the filter, determining if the content-type of the body is an acceptable one should not be handled by the Sentry request filter.

💚 How did you test it?

Create a minimal app Spring Boot MVC app with a sentry.max-request-body-size property defined. Include sentry-spring-boot-starter-jakarta and send a request:

curl -X POST --header "Content-Type: invalid" --location "http://localhost:8080/demo" --data "{}"

See that a 500 error is returned. Re-run with this change and see that the request now goes through the remainder of the filter pipeline.

📝 Checklist

  • I added GH Issue ID & Linear ID
  • I added tests to verify the changes.
  • No new PII added or SDK only sends newly added PII if sendDefaultPII is enabled.
  • I updated the docs if needed.
  • I updated the wizard if needed.
  • Review from the native team if needed.
  • No breaking change or entry added to the changelog.
  • No breaking change for hybrid SDKs or communicated to hybrid SDKs.

🔮 Next steps

sentry[bot]
sentry bot reviewed Nov 28, 2025
View reviewed changes
sentry-spring/src/main/java/io/sentry/spring/SentrySpringFilter.java
Comment on lines 133 to 143

private static boolean shouldCacheMimeType(String contentType) {
return MimeType.valueOf(contentType).isCompatibleWith(MediaType.APPLICATION_JSON)
|| MimeType.valueOf(contentType).isCompatibleWith(MediaType.APPLICATION_FORM_URLENCODED);
try {
return MimeType.valueOf(contentType).isCompatibleWith(MediaType.APPLICATION_JSON)
|| MimeType.valueOf(contentType).isCompatibleWith(MediaType.APPLICATION_FORM_URLENCODED);
} catch (InvalidMimeTypeException e) {
return false;
}
}

static final class RequestBodyExtractingEventProcessor implements EventProcessor {
Copy link

@sentry sentry bot Nov 28, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Bug: The sentry-spring-jakarta module's shouldCacheMimeType() method lacks InvalidMimeTypeException handling for invalid Content-Type headers.
Severity: CRITICAL | Confidence: High

🔍 Detailed Analysis

The sentry-spring-jakarta module's shouldCacheMimeType() method in sentry-spring-jakarta/src/main/java/io/sentry/spring/jakarta/SentrySpringFilter.java lacks proper exception handling. When applications using this module with sentry.max-request-body-size defined receive requests with invalid Content-Type headers (e.g., Content-Type: invalid), MimeType.valueOf(contentType) throws an InvalidMimeTypeException. This unhandled exception causes the application to crash with a 500 error, preventing the request from proceeding through the filter pipeline.

💡 Suggested Fix

Wrap the shouldCacheMimeType() method in sentry-spring-jakarta/src/main/java/io/sentry/spring/jakarta/SentrySpringFilter.java with a try-catch block for InvalidMimeTypeException, matching the fix applied to other modules.

🤖 Prompt for AI Agent 
Review the code at the location below. A potential bug has been identified by an AI
agent.
Verify if this is a real issue. If it is, propose a fix; if not, explain why it's not
valid.

Location: sentry-spring/src/main/java/io/sentry/spring/SentrySpringFilter.java#L132-L143

Potential issue: The `sentry-spring-jakarta` module's `shouldCacheMimeType()` method in
`sentry-spring-jakarta/src/main/java/io/sentry/spring/jakarta/SentrySpringFilter.java`
lacks proper exception handling. When applications using this module with
`sentry.max-request-body-size` defined receive requests with invalid `Content-Type`
headers (e.g., `Content-Type: invalid`), `MimeType.valueOf(contentType)` throws an
`InvalidMimeTypeException`. This unhandled exception causes the application to crash
with a 500 error, preventing the request from proceeding through the filter pipeline.

Did we get this right? 👍 / 👎 to inform future reviews.
Reference ID: 4294118

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adinauer adinauer Awaiting requested review from adinauer adinauer is a code owner

@romtsn romtsn Awaiting requested review from romtsn romtsn is a code owner

@stefanosiano stefanosiano Awaiting requested review from stefanosiano stefanosiano is a code owner

@markushi markushi Awaiting requested review from markushi markushi is a code owner

@lcian lcian Awaiting requested review from lcian lcian is a code owner

1 more reviewer

@sentry sentry[bot] sentry[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

SentrySpringFilter throws InvalidMimeTypeException with an invalid content-type header

1 participant

@diogoosorio