
Delegate Content-Type verification solely to contentTypeMatches()

Open blakestoddard opened this issue 5 years ago • 2 comments

Image content returned from the initial request will have its Content-Type verified at https://github.com/willnorris/imageproxy/blob/main/imageproxy.go#L243. Prefilling the Accept header with the list of accepted Content-Types has proven troublesome for some of our customers as some web servers have odd behaviors like:

  • returning an error if you provide a list of Content-Types in Accept
  • returning an error if you provide a Content-Type in Accept that the server does not know about (like image, which is not valid normally, but some web servers return content using that Content-Type 🙃)

The addition of Accept-Language is similar -- we've found some servers that will return an error if no Accept-Language header is supplied. Whack-a-mole!

blakestoddard, Oct 16 '20 15:10
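The check the PR title defers to works on the response rather than the request: verify what the upstream server actually sent instead of prefilling Accept. The following Go block is an added example, not imageproxy's code; the function name contentTypeAllowed and the allow-list are assumptions, and it shows how the odd responses described above (a bare "image" type, parameters, a missing header) fall out of a strict response-side check.

```go
package main

import (
	"fmt"
	"mime"
	"strings"
)

// Constructed allow-list for this example; imageproxy's own list lives in its
// configuration and is not reproduced here. No "image/*" wildcard is used, so
// "image/svg+xml" is rejected even though it is an image type.
var allowedContentTypes = []string{"image/jpeg", "image/png", "image/gif", "image/webp"}

// contentTypeAllowed is a hypothetical stand-in for the response-side check the
// PR leaves to contentTypeMatches(). It parses the upstream Content-Type header
// and accepts it only if the media type is on the allow-list; a "type/*" pattern
// matches any subtype of that top-level type.
func contentTypeAllowed(allowed []string, header string) bool {
	// A missing or malformed header never passes: the proxy decides on what the
	// server sent, not on what it was asked for in Accept.
	mediaType, _, err := mime.ParseMediaType(header) // returned lowercased, params dropped
	if err != nil {
		return false
	}
	for _, pattern := range allowed {
		pattern = strings.ToLower(pattern)
		if pattern == mediaType {
			return true
		}
		// Wildcard: "image/*" matches "image/png" but not a bare "image" or "imagery/x",
		// because the prefix retained here includes the slash.
		if strings.HasSuffix(pattern, "/*") &&
			strings.HasPrefix(mediaType, strings.TrimSuffix(pattern, "*")) {
			return true
		}
	}
	return false
}

func main() {
	// Constructed header values of the kinds a misbehaving server might send.
	for _, ct := range []string{"image/png", "image/jpeg; charset=binary", "image", "text/html", ""} {
		fmt.Printf("%-28q allowed=%v\n", ct, contentTypeAllowed(allowedContentTypes, ct))
	}
}
```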

Codecov Report

Merging #252 (6ed3117) into main (c08b3c5) will not change coverage. The diff coverage is 100.00%.


@@           Coverage Diff           @@
##             main     #252   +/-   ##
=======================================
  Coverage   87.27%   87.27%           
=======================================
  Files           6        6           
  Lines         503      503           
=======================================
  Hits          439      439           
  Misses         36       36           
  Partials       28       28           
Impacted Files    Coverage Δ
imageproxy.go     79.79% <100.00%> (ø)


codecov[bot], Oct 16 '20 15:10

Whoops, forgot that there was a PR for this branch. I'll pull that last commit into a different branch -- we're just disabling SVG altogether since we can't properly sanitize it and security researchers keep using it to submit reports.

blakestoddard, Nov 13 '20 22:11