Return a 400 error if the Accept header was incorrect

ninenines · Nov 30, 2012 · 5c315ab · 5c315ab
1 parent 5f6b6b6
commit 5c315ab
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 4 deletions.
diff --git a/src/cowboy_rest.erl b/src/cowboy_rest.erl
@@ -211,14 +211,15 @@ content_types_provided(Req, State) ->
 		    CTP2 = [normalize_content_types(P) || P <- CTP],
 			State2 = State#state{
 				handler_state=HandlerState, content_types_p=CTP2},
-			{ok, Accept, Req3} = cowboy_req:parse_header(<<"accept">>, Req2),
-			case Accept of
-				undefined ->
+			case cowboy_req:parse_header(<<"accept">>, Req2) of
+				{error, badarg} ->
+					respond(Req2, State2, 400);
+				{ok, undefined, Req3} ->
 					{PMT, _Fun} = HeadCTP = hd(CTP2),
 					languages_provided(
 						cowboy_req:set_meta(media_type, PMT, Req3),
 						State2#state{content_type_a=HeadCTP});
-				Accept ->
+				{ok, Accept, Req3} ->
 					Accept2 = prioritize_accept(Accept),
 					choose_media_type(Req3, State2, Accept2)
 			end

diff --git a/test/http_SUITE.erl b/test/http_SUITE.erl
@@ -48,6 +48,7 @@
 -export([onresponse_crash/1]).
 -export([onresponse_reply/1]).
 -export([pipeline/1]).
+-export([rest_bad_accept/1]).
 -export([rest_keepalive/1]).
 -export([rest_keepalive_post/1]).
 -export([rest_missing_get_callbacks/1]).
@@ -95,6 +96,7 @@ groups() ->
 		nc_rand,
 		nc_zero,
 		pipeline,
+		rest_bad_accept,
 		rest_keepalive,
 		rest_keepalive_post,
 		rest_missing_get_callbacks,
@@ -251,6 +253,7 @@ init_dispatch(Config) ->
 				 {file, <<"test_file.css">>}]},
 			{[<<"multipart">>], http_handler_multipart, []},
 			{[<<"echo">>, <<"body">>], http_handler_echo_body, []},
+			{[<<"bad_accept">>], rest_simple_resource, []},
 			{[<<"simple">>], rest_simple_resource, []},
 			{[<<"forbidden_post">>], rest_forbidden_resource, [true]},
 			{[<<"simple_post">>], rest_forbidden_resource, [false]},
@@ -653,6 +656,14 @@ pipeline(Config) ->
 	{ok, 200, _, Client11} = cowboy_client:response(Client10),
 	{error, closed} = cowboy_client:response(Client11).
 
+rest_bad_accept(Config) ->
+	Client = ?config(client, Config),
+	{ok, Client2} = cowboy_client:request(<<"GET">>,
+		build_url("/bad_accept", Config),
+		[{<<"accept">>, <<"1">>}],
+		Client),
+	{ok, 400, _, _} = cowboy_client:response(Client2).
+
 rest_keepalive(Config) ->
 	Client = ?config(client, Config),
 	URL = build_url("/simple", Config),