From 1b0ce4795e300ed7fcc1de0bf03756ff847d3725 Mon Sep 17 00:00:00 2001
From: sagar23sj
Date: Sat, 26 Jun 2021 20:55:02 +0530
Subject: [PATCH 1/2] fix: Added handling for MIME parameters in Content-Type Header

---
 github/messages.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/github/messages.go b/github/messages.go
index 98a76da644d..06ea9e4cfe5 100644
--- a/github/messages.go
+++ b/github/messages.go
@@ -19,6 +19,7 @@ import (
 "fmt"
 "hash"
 "io/ioutil"
+ "mime"
 "net/http"
 "net/url"
 "strings"
@@ -157,7 +158,14 @@ func messageMAC(signature string) ([]byte, func() hash.Hash, error) {
 func ValidatePayload(r *http.Request, secretToken []byte) (payload []byte, err error) {
 var body []byte // Raw body that GitHub uses to calculate the signature.
 
- switch ct := r.Header.Get("Content-Type"); ct {
+ ct := r.Header.Get("Content-Type")
+
+ mediatype, _, err := mime.ParseMediaType(ct)
+ if err != nil {
+ mediatype = ""
+ }
+
+ switch mediatype {
 case "application/json":
 var err error
 if body, err = ioutil.ReadAll(r.Body); err != nil {

From 75603e1abfa88d6e4c860409fda1024756a8e94b Mon Sep 17 00:00:00 2001
From: sagar23sj
Date: Sat, 26 Jun 2021 20:57:42 +0530
Subject: [PATCH 2/2] test-cases: Added test-cases for changes updating handling of MIME parameters in Content-Type Header

---
 github/messages_test.go | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/github/messages_test.go b/github/messages_test.go
index a13e5a99c65..5fed4a2d244 100644
--- a/github/messages_test.go
+++ b/github/messages_test.go
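Review bot: In ValidatePayload (github/messages.go, PATCH 1/2), `mediatype, _, err := mime.ParseMediaType(ct)` assigns to the function's named result `err` rather than declaring a new variable, and the `if` that follows discards the failure by blanking `mediatype`, so the reason for rejection is lost and the result variable stays non-nil afterwards. Because this function gates webhook payloads, rejecting a malformed header explicitly is clearer than relying on the switch's fallback (presumably a default case outside the hunk): `if err != nil { return nil, fmt.Errorf("invalid Content-Type %q: %v", ct, err) }`. `mime.ParseMediaType` also lowercases the media type, so mixed-case values that the old exact-string switch would not have matched now do; a one-line comment above the call stating that parameters are ignored and case is normalised would document the widened acceptance. The function body continues past the end of the hunk.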
@@ -229,6 +229,33 @@ func TestValidatePayload_BadRequestBody(t *testing.T) {
 }
 }
 
+func TestValidatePayload_InvalidContentTypeParams(t *testing.T) {
+ req, err := http.NewRequest("POST", "http://localhost/event", nil)
+ if err != nil {
+ t.Fatalf("NewRequest: %v", err)
+ }
+ req.Header.Set("Content-Type", "application/json; charset=")
+ if _, err = ValidatePayload(req, nil); err == nil {
+ t.Error("ValidatePayload = nil, want err")
+ }
+}
+
+func TestValidatePayload_ValidContentTypeParams(t *testing.T) {
+ var requestBody = `{"yo":true}`
+ buf := bytes.NewBufferString(requestBody)
+
+ req, err := http.NewRequest("POST", "http://localhost/event", buf)
+ if err != nil {
+ t.Fatalf("NewRequest: %v", err)
+ }
+ req.Header.Set("Content-Type", "application/json; charset=UTF-8")
+
+ _, err = ValidatePayload(req, nil)
+ if err != nil {
+ t.Error("ValidatePayload = nil, want err")
+ }
+}
+
 func TestParseWebHook(t *testing.T) {
 tests := []struct {
 payload interface{}
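Review bot: In TestValidatePayload_ValidContentTypeParams the failure message is inverted: the branch runs when `err != nil`, yet it reports "ValidatePayload = nil, want err"; it should read `t.Errorf("ValidatePayload returned error: %v", err)`. Both new tests also pass `nil` as secretToken, so, assuming a nil secret skips the signature comparison (that code is not visible here), neither test shows that a request with a parameterised Content-Type still has its signature verified. A third case with a non-empty secret and a matching signature over the `{"yo":true}` body would pin that behaviour. TestParseWebHook, at the end of the hunk, continues outside it.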