Skip to content

Commit bd874d4

Browse files
authored
fix(Dgraph): Parse Content-Type in headers correctly (#6370)
1 parent 742259b commit bd874d4

File tree

2 files changed

+38
-4
lines changed

2 files changed

+38
-4
lines changed

dgraph/cmd/alpha/http.go

Lines changed: 24 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,7 @@ import (
2424
"fmt"
2525
"io"
2626
"io/ioutil"
27+
"mime"
2728
"net/http"
2829
"sort"
2930
"strconv"
@@ -177,18 +178,27 @@ func queryHandler(w http.ResponseWriter, r *http.Request) {
177178
Query string `json:"query"`
178179
Variables map[string]string `json:"variables"`
179180
}
181+
180182
contentType := r.Header.Get("Content-Type")
181-
switch strings.ToLower(contentType) {
183+
mediaType, contentTypeParams, err := mime.ParseMediaType(contentType)
184+
if err != nil {
185+
x.SetStatus(w, x.ErrorInvalidRequest, "Invalid Content-Type")
186+
}
187+
if charset, ok := contentTypeParams["charset"]; ok && strings.ToLower(charset) != "utf-8" {
188+
x.SetStatus(w, x.ErrorInvalidRequest, "Unsupported charset. "+
189+
"Supported charset is UTF-8")
190+
return
191+
}
192+
193+
switch mediaType {
182194
case "application/json":
183195
if err := json.Unmarshal(body, &params); err != nil {
184196
jsonErr := convertJSONError(string(body), err)
185197
x.SetStatus(w, x.ErrorInvalidRequest, jsonErr.Error())
186198
return
187199
}
188-
189200
case "application/graphql+-":
190201
params.Query = string(body)
191-
192202
default:
193203
x.SetStatus(w, x.ErrorInvalidRequest, "Unsupported Content-Type. "+
194204
"Supported content types are application/json, application/graphql+-")
@@ -300,7 +310,17 @@ func mutationHandler(w http.ResponseWriter, r *http.Request) {
300310

301311
var req *api.Request
302312
contentType := r.Header.Get("Content-Type")
303-
switch strings.ToLower(contentType) {
313+
mediaType, contentTypeParams, err := mime.ParseMediaType(contentType)
314+
if err != nil {
315+
x.SetStatus(w, x.ErrorInvalidRequest, "Invalid Content-Type")
316+
}
317+
if charset, ok := contentTypeParams["charset"]; ok && strings.ToLower(charset) != "utf-8" {
318+
x.SetStatus(w, x.ErrorInvalidRequest, "Unsupported charset. "+
319+
"Supported charset is UTF-8")
320+
return
321+
}
322+
323+
switch mediaType {
304324
case "application/json":
305325
ms := make(map[string]*skipJSONUnmarshal)
306326
if err := json.Unmarshal(body, &ms); err != nil {

dgraph/cmd/alpha/http_test.go

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -955,3 +955,17 @@ func TestUrl(t *testing.T) {
955955
require.NoError(t, err)
956956
require.True(t, resp.StatusCode >= 200 && resp.StatusCode < 300)
957957
}
958+
959+
func TestContentTypeCharset(t *testing.T) {
960+
_, _, err := queryWithGz(`{"query": "schema {}"}`, "application/json; charset=utf-8", "false", "", false, false)
961+
require.NoError(t, err)
962+
963+
_, _, err = queryWithGz(`{"query": "schema {}"}`, "application/json; charset=latin1", "false", "", false, false)
964+
require.True(t, err != nil && strings.Contains(err.Error(), "Unsupported charset"))
965+
966+
_, err = mutationWithTs(`{}`, "application/rdf; charset=utf-8", false, true, 0)
967+
require.NoError(t, err)
968+
969+
_, err = mutationWithTs(`{}`, "application/rdf; charset=latin1", false, true, 0)
970+
require.True(t, err != nil && strings.Contains(err.Error(), "Unsupported charset"))
971+
}

0 commit comments

Comments
 (0)