Skip to content

Commit

Permalink
rpc: check content-type for HTTP requests (ethereum#15220)
Browse files Browse the repository at this point in the history
  • Loading branch information
@bas-vk @fjl
bas-vk authored and fjl committed Nov 9, 2017
1 parent 4732ee8 commit 4fe30bf
Showing 1 changed file with 11 additions and 0 deletions.
11 changes: 11 additions & 0 deletions rpc/http.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ import (
"fmt"
"io"
"io/ioutil"
"mime"
"net"
"net/http"
"sync"
Expand Down Expand Up @@ -151,6 +152,16 @@ func (srv *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
http.StatusRequestEntityTooLarge)
return
}

ct := r.Header.Get("content-type")
mt, _, err := mime.ParseMediaType(ct)
if err != nil || mt != "application/json" {
http.Error(w,
"invalid content type, only application/json is supported",
http.StatusUnsupportedMediaType)
return
}

w.Header().Set("content-type", "application/json")

// create a codec that reads direct from the request body until
Expand Down

0 comments on commit 4fe30bf

Please sign in to comment.