Allow parameterized application/json content types

Signed-off-by: Appu Goundan <appu@google.com>
sigstore · Feb 4, 2022 · 41e153e · 41e153e
1 parent 5c51127
commit 41e153e
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/pkg/api/ca.go b/pkg/api/ca.go
@@ -23,6 +23,7 @@ import (
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
+	"mime"
 	"net/http"
 	"strings"
 
@@ -116,7 +117,15 @@ func (a *api) signingCert(w http.ResponseWriter, req *http.Request) {
 		handleFulcioAPIError(w, req, http.StatusMethodNotAllowed, err, err.Error())
 		return
 	}
-	if gotContentType, wantContentType := req.Header.Get("Content-Type"), "application/json"; gotContentType != wantContentType {
+
+	contentTypeHeader := req.Header.Get("Content-Type")
+	gotContentType, _, perr := mime.ParseMediaType(contentTypeHeader)
+	if perr != nil {
+		err := fmt.Errorf("could not parse Content-Type %q", contentTypeHeader)
+		handleFulcioAPIError(w, req, http.StatusUnsupportedMediaType, err, err.Error())
+	}
+	wantContentType := "application/json"
+	if gotContentType != wantContentType {
 		err := fmt.Errorf("signing cert handler must receive %q, got %q", wantContentType, gotContentType)
 		handleFulcioAPIError(w, req, http.StatusUnsupportedMediaType, err, err.Error())
 		return