FULL PRODUCT VERSION :


A DESCRIPTION OF THE PROBLEM :
RFC 7231 [0] describes the format of the HTTP/1.1 Accept header as follows:

     Accept = #( media-range [ accept-params ] )

     media-range = ( "*/*"
                      / ( type "/" "*" )
                      / ( type "/" subtype )
                      ) *( OWS ";" OWS parameter )
     accept-params = weight *( accept-ext )
     accept-ext = OWS ";" OWS token [ "=" ( token / quoted-string ) ]

HttpURLConnection sets the following Accept header in requests if it is not set [1]:

static final String acceptString =
        "text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2";

The '*; q=.2' portion seems to be invalid according to the RFC spec above.

Some http endpoints that encounter this header will reject the request and return 406 or 500. For examples see: [2] and [3].

[0]: https://tools.ietf.org/html/rfc7231#section-5.3.2
[1]: https://github.com/openjdk-mirror/jdk/blob/jdk8u/jdk8u/master/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java#L256
[2]: https://issues.apache.org/jira/browse/SLING-3175
[3]: https://issues.apache.org/jira/browse/OLINGO-998


REPRODUCIBILITY :
This bug can be reproduced always.

CUSTOMER SUBMITTED WORKAROUND :
It is possible for clients to set the Accept header via the HttpURLConnection.setRequestProperty API.