From 5bf740e3835f94626e198639e98f80f701cdfeaf Mon Sep 17 00:00:00 2001
From: Steven Hawkins <shawkins@redhat.com>
Date: Tue, 16 Dec 2025 09:28:29 -0500
Subject: [PATCH] fix: preventing raw stacktrace response and error log
 (#44815)

closes: #44712

Signed-off-by: Steve Hawkins <shawkins@redhat.com>
---
 .../services/error/KeycloakErrorHandler.java      |  2 +-
 .../java/org/keycloak/utils/MediaTypeMatcher.java | 15 ++++++++++++---
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/services/src/main/java/org/keycloak/services/error/KeycloakErrorHandler.java b/services/src/main/java/org/keycloak/services/error/KeycloakErrorHandler.java
index 41779646ab6..f9d7975e4c6 100644
--- a/services/src/main/java/org/keycloak/services/error/KeycloakErrorHandler.java
+++ b/services/src/main/java/org/keycloak/services/error/KeycloakErrorHandler.java
@@ -107,7 +107,7 @@ public class KeycloakErrorHandler implements ExceptionMapper<Throwable> {
             }
 
             return Response.status(responseStatus)
-                    .header(HttpHeaders.CONTENT_TYPE, jakarta.ws.rs.core.MediaType.APPLICATION_JSON_TYPE.toString())
+                    .type(MediaType.APPLICATION_JSON_TYPE)
                     .entity(error)
                     .build();
         }
diff --git a/services/src/main/java/org/keycloak/utils/MediaTypeMatcher.java b/services/src/main/java/org/keycloak/utils/MediaTypeMatcher.java
index 6b1e0a3b2d2..8ee1bfe9445 100644
--- a/services/src/main/java/org/keycloak/utils/MediaTypeMatcher.java
+++ b/services/src/main/java/org/keycloak/utils/MediaTypeMatcher.java
@@ -3,8 +3,12 @@ package org.keycloak.utils;
 import jakarta.ws.rs.core.HttpHeaders;
 import jakarta.ws.rs.core.MediaType;
 
+import org.jboss.logging.Logger;
+
 public class MediaTypeMatcher {
 
+    private static final Logger logger = Logger.getLogger(MediaTypeMatcher.class);
+
     public static boolean isHtmlRequest(HttpHeaders headers) {
         return isAcceptMediaType(headers, MediaType.TEXT_HTML_TYPE);
     }
@@ -14,10 +18,15 @@ public class MediaTypeMatcher {
     }
 
     private static boolean isAcceptMediaType(HttpHeaders headers, MediaType textHtmlType) {
-        for (MediaType m : headers.getAcceptableMediaTypes()) {
-            if (!m.isWildcardType() && m.isCompatible(textHtmlType)) {
-                return true;
+        try {
+            for (MediaType m : headers.getAcceptableMediaTypes()) {
+                if (!m.isWildcardType() && m.isCompatible(textHtmlType)) {
+                    return true;
+                }
             }
+        } catch (Exception e) {
+            // illegal state, or illegal argument are possible
+            logger.debug("Could not determine if the media type is accepted", e);
         }
         return false;
     }