Use a 400 response for bad requests rather than a 500 response

commit: 84afcbf511de37a063784443e0dc5d752d7e62fe [log] [tgz]
author: Mark Thomas <markt@apache.org> Wed Nov 08 15:09:44 2023 +0000
committer: Mark Thomas <markt@apache.org> Wed Nov 08 15:09:44 2023 +0000
tree: c0612e1d2cabcf3ab2f0d2804c2f9d382f6f443f
parent: c2b60ded7b961aa30201c32a11a9e7c4ee632302 [diff]
diff --git a/java/org/apache/catalina/core/StandardWrapperValve.java b/java/org/apache/catalina/core/StandardWrapperValve.java
index 0cf0cd4..81592f6 100644
--- a/java/org/apache/catalina/core/StandardWrapperValve.java
+++ b/java/org/apache/catalina/core/StandardWrapperValve.java

@@ -169,7 +169,14 @@
                 }
 
             }
-        } catch (BadRequestException | CloseNowException e) {
+        } catch (BadRequestException e) {
+            if (container.getLogger().isDebugEnabled()) {
+                container.getLogger().debug(
+                        sm.getString("standardWrapper.serviceException", wrapper.getName(), context.getName()), e);
+            }
+            throwable = e;
+            exception(request, response, e, HttpServletResponse.SC_BAD_REQUEST);
+        } catch (CloseNowException e) {
             if (container.getLogger().isDebugEnabled()) {
                 container.getLogger().debug(
                         sm.getString("standardWrapper.serviceException", wrapper.getName(), context.getName()), e);

diff --git a/test/org/apache/coyote/http2/TestHttp2UpgradeHandler.java b/test/org/apache/coyote/http2/TestHttp2UpgradeHandler.java
index da7f9da..6f4e91a 100644
--- a/test/org/apache/coyote/http2/TestHttp2UpgradeHandler.java
+++ b/test/org/apache/coyote/http2/TestHttp2UpgradeHandler.java

@@ -201,10 +201,10 @@
             buildPostRequest(frameHeader, headersPayload, false, dataFrameHeader, dataFramePayload, null, stream);
             writeFrame(frameHeader, headersPayload);
 
-            // 500 response (triggered by IOException trying to read body that never arrived)
+            // 400 response (triggered by IOException trying to read body that never arrived)
             parser.readFrame();
             Assert.assertTrue(output.getTrace(),
-                    output.getTrace().startsWith(stream + "-HeadersStart\n" + stream + "-Header-[:status]-[500]\n"));
+                    output.getTrace().startsWith(stream + "-HeadersStart\n" + stream + "-Header-[:status]-[400]\n"));
             output.clearTrace();
 
             // reset frame

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 113013a..933494e 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml

@@ -150,6 +150,10 @@
         <code>ApplicationHttpRequest</code> and <code>ApplicationRequest</code>.
         (markt)
       </fix>
+      <fix>
+        Use a 400 status code to report an error due to a bad request (e.g. an
+        invalid trailer header) rather than a 500 status code. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">
commit	84afcbf511de37a063784443e0dc5d752d7e62fe	[log] [tgz]
author	Mark Thomas <markt@apache.org>	Wed Nov 08 15:09:44 2023 +0000
committer	Mark Thomas <markt@apache.org>	Wed Nov 08 15:09:44 2023 +0000
tree	c0612e1d2cabcf3ab2f0d2804c2f9d382f6f443f
parent	c2b60ded7b961aa30201c32a11a9e7c4ee632302 [diff]