diff options
author | bas-vk <bas-vk@users.noreply.github.com> | 2017-11-09 17:54:58 +0800 |
---|---|---|
committer | Felix Lange <fjl@users.noreply.github.com> | 2017-11-09 17:54:58 +0800 |
commit | 4fe30bf5ade8849bb3971a0edad95d17d99e8778 (patch) | |
tree | 3074dd249e410d2234dfe5f08e04722076ee3e97 /rpc | |
parent | 4732ee89cb66334334344761997503e59a67d102 (diff) | |
download | dexon-4fe30bf5ade8849bb3971a0edad95d17d99e8778.tar.gz dexon-4fe30bf5ade8849bb3971a0edad95d17d99e8778.tar.zst dexon-4fe30bf5ade8849bb3971a0edad95d17d99e8778.zip |
rpc: check content-type for HTTP requests (#15220)
Diffstat (limited to 'rpc')
-rw-r--r-- | rpc/http.go | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/rpc/http.go b/rpc/http.go index 4143e2a8d..3f572b34c 100644 --- a/rpc/http.go +++ b/rpc/http.go @@ -23,6 +23,7 @@ import ( "fmt" "io" "io/ioutil" + "mime" "net" "net/http" "sync" @@ -151,6 +152,16 @@ func (srv *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { http.StatusRequestEntityTooLarge) return } + + ct := r.Header.Get("content-type") + mt, _, err := mime.ParseMediaType(ct) + if err != nil || mt != "application/json" { + http.Error(w, + "invalid content type, only application/json is supported", + http.StatusUnsupportedMediaType) + return + } + w.Header().Set("content-type", "application/json") // create a codec that reads direct from the request body until |