go-restful icon indicating copy to clipboard operation
go-restful copied to clipboard

Published 20 hours ago verified publisher icon emicklei

Improper handling of empty POST requests.

Open jankyjames opened this issue 1 year ago • 3 comments

When POSTing to a route without a Content-Type but the route is configured to consume some Content-Type, If there is also no body in that request, the Content-Type validation finishes without error, but candidates remains 0 resulting in the Accept handling to process.

I think normally this would be fine since it seems like there is an additional check for empty POST requests here to return a valid 415, but some clients like Postman automatically sets the header Content-Length to "0" resulting in this check getting skipped and defaulting to 406 when that isn't the issue.

I suggest either updating the check at line 158 from method == http.MethodPatch) && length == "" { to

method == http.MethodPatch) && (length == "" || length == "0") {

or

method == http.MethodPatch) && httpRequest.ContentLength == 0 {

The method in question is here

jankyjames avatar Jul 19 '23 21:07 jankyjames

If you think this fixes the issue I'd be happy to submit a PR to fix this :) Just let me know!

jankyjames avatar Jul 19 '23 21:07 jankyjames

Thank you for reporting this. I will have a closer look to the flow.

On Wed, 19 Jul 2023 at 23:39, James Childs @.***> wrote:

If you think this fixes the issue I'd be happy to submit a PR to fix this :) Just let me know!

— Reply to this email directly, view it on GitHub https://github.com/emicklei/go-restful/issues/532#issuecomment-1642791907, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAFHRDE7M5QLS3NXEUS4V6LXRBHYXANCNFSM6AAAAAA2QQM2AU . You are receiving this because you are subscribed to this thread.Message ID: @.***>

-- Met vriendelijke groet, Kind regards,

Ernest Micklei

Try out my music project Melrōse https://melrōse.org

emicklei avatar Jul 22 '23 07:07 emicklei

If you think this fixes the issue I'd be happy to submit a PR to fix this :) Just let me know!

@JamesDChilds can you propose a PR? thx!

emicklei avatar Aug 05 '23 19:08 emicklei

If you think this fixes the issue I'd be happy to submit a PR to fix this :) Just let me know!

@JamesDChilds can you propose a PR? thx!

@JamesDChilds Hi, I don't want to take the glory away from you, but this still hasn't been resolved in the latest version of the code, and this issue doesn't seem to have been followed up on in a long time, so I opened a pr.

mayooot avatar Mar 07 '24 09:03 mayooot

fixed in v3.12.0

emicklei avatar Apr 23 '24 10:04 emicklei