Validate the Content-Type on PUT requests

Return a 415 (https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/415) when the Content-Type does not look like a valid MIME type (in the type/subtype format) Refs #137
2020-04-15 13:45:34 +02:00
parent ab673f1d43
commit 71d138894e
3 changed files with 17 additions and 0 deletions
--- a/lib/remote_storage/rest_provider.rb
+++ b/lib/remote_storage/rest_provider.rb
@@ -506,5 +506,10 @@ module RemoteStorage
      items
    end

+    def validate_content_type(content_type)
+      # Do not try to perform the PUT request when the Content-Type does not
+      # look like a MIME type
+      server.halt 415 unless content_type.match(/^.+\/.+/i)
+    end
  end
 end