[TIMOB-18341] Fix malformed Content-Type error with modsecurity #19
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
While working on a Titanium iOS application (SDK 3.4.0.GA which uses APSHTTPClient under the hood), I couldn't upload a picture to our backend which uses modsecurity. The upload request was rejected by modsecurity and the following error appeared in the logs:
Multipart parsing error (init): Multipart: Invalid boundary in C-T (malformed).
I looked into APSHTTPClient and saw that the header was created as follow:
http://www.w3.org/Protocols/rfc1341/7_2_Multipart.html gives a simple multi-part example:
The reason modsecurity rejected the request is because the Content-Type multipart/data format requires a parameter
boundary
immediately after the subtype. It doesn't expect anything other than the boundary header (except space and ;).It must be
Content-Type: multipart/form-data; boundary=0xTibOuNdArY_1234567890
in order to work with modsecurity.The
charset
part has been moved inside each part block.