Be stricter on the Content-Type for *JSON arguments
It's easier to loosen this later than to tighten it
Jille committed Jan 9, 2023
1 parent c5fd140 commit 891397a
Showing 1 changed file with 7 additions and 0 deletions.
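--- a/internal/internal.go
+++ b/internal/internal.go
@@ -80,6 +80,13 @@ func DecodePost(r *http.Request, ret interface{}) error {
 
 // DecodeJSON parses the request body into `ret` as JSON.
 func DecodeJSON(r *http.Request, ret interface{}) error {
+switch r.Header.Get("Content-Type") {
+case "text/json", "application/json":
+case "":
+return fmt.Errorf("expected Content-Type: text/json rather than unset")
+default:
+return fmt.Errorf("expected Content-Type: text/json rather than %q", r.Header.Get("Content-Type"))
+}
 defer r.Body.Close()
 if err := json.NewDecoder(r.Body).Decode(ret); err != nil {
 return fmt.Errorf("failed to decode json body: %v", err)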
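Review bot: The exact string comparison in the new `switch` rejects a valid header that carries parameters or different casing, such as `application/json; charset=utf-8`, which some HTTP clients send. Comparing the parsed media type keeps the check strict, including the rejection of form-style content types that browsers can send cross-origin without a preflight, while accepting those variants: `mt, _, err := mime.ParseMediaType(r.Header.Get("Content-Type"))` followed by `switch mt {`, with a non-nil `err` reported like the unset case. Both error strings name only `text/json` although `application/json` is accepted as well, so the message points a caller at the less common type. DecodeJSON's body continues past the end of the hunk.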
