authorbas-vk <bas-vk@users.noreply.github.com>2017-11-09 17:54:58 +0800
committerFelix Lange <fjl@users.noreply.github.com>2017-11-09 17:54:58 +0800
commit4fe30bf5ade8849bb3971a0edad95d17d99e8778 (patch)
tree3074dd249e410d2234dfe5f08e04722076ee3e97
parent4732ee89cb66334334344761997503e59a67d102 (diff)
rpc: check content-type for HTTP requests (#15220)
-rw-r--r--rpc/http.go11
1 files changed, 11 insertions, 0 deletions
diff --git a/rpc/http.go b/rpc/http.go
index 4143e2a8d..3f572b34c 100644
--- a/rpc/http.go
+++ b/rpc/http.go
@@ -23,6 +23,7 @@ import (
"fmt"
"io"
"io/ioutil"
+ "mime"
"net"
"net/http"
"sync"
@@ -151,6 +152,16 @@ func (srv *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
http.StatusRequestEntityTooLarge)
return
}
+
+ ct := r.Header.Get("content-type")
+ mt, _, err := mime.ParseMediaType(ct)
+ if err != nil || mt != "application/json" {
+ http.Error(w,
+ "invalid content type, only application/json is supported",
+ http.StatusUnsupportedMediaType)
+ return
+ }
+
w.Header().Set("content-type", "application/json")
// create a codec that reads direct from the request body until
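Review bot: The content-type check added in ServeHTTP has no comment saying why it exists, and the commit title does not say either, so a later change could relax it without noticing the security effect. If the intent is, as it appears, to refuse browser cross-origin posts that use form or text/plain types and so skip the CORS preflight, state that above `ct := r.Header.Get("content-type")`, e.g. `// Reject non-JSON content types: browsers can send form and text/plain bodies cross-origin without a preflight.` A request with no Content-Type header makes `mime.ParseMediaType` return an error and is answered with 415; that case deserves a test, alongside `application/json; charset=utf-8` being accepted. ServeHTTP starts and ends outside this hunk, so whether non-POST methods reach this check cannot be seen here.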