Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

A missing Content-Type returns a 400 but should return a 415. #2656

Closed
komape opened this issue Oct 16, 2024 · 1 comment
Closed

A missing Content-Type returns a 400 but should return a 415. #2656

komape opened this issue Oct 16, 2024 · 1 comment
Assignees
@tsegismont
Labels
bug
Milestone
4.5.11

Comments

@komape
Copy link
Contributor

komape commented Oct 16, 2024

Version

Since v.3.8.0

Context

I a route defines a content type consumed by it, the header Content-Type of a request is checked. In case the type does not match one of the accepted, the error 415 Unsupported Media Type is returned. In case, the header is not given or empty, the error 400 Bad Request is returned. IMO the latter is wrong. An empty content type header should also return a 415 because it clearly indicates that the content type is faulty while a 400 is very vague. Especially, if there is no error message. Took me a while to understand that this is the problem when we were testing a new endpoint.

The mdn web docs also describe that a 415 should be returned if the header is missing. Additionally, it describes that the Accept-Post header in the response shoud be set to the accepted types. The RFC 9110 does not distinguish between empty and mismatched types but also states that an Accept header should be returned.

The piece of code handling this was introduced in #456. This is the piece of code in the class io.vertx.ext.web.impl.RouteState:

    if (!isEmpty(consumes)) {
      // Can this route consume the specified content type
      MIMEHeader contentType = context.parsedHeaders().contentType();
      MIMEHeader consumal = contentType.findMatchedBy(consumes);
      if (consumal == null && !(contentType.rawValue().isEmpty() && emptyBodyPermittedWithConsumes)) {
        if (contentType.rawValue().isEmpty()) {
          return 400;
        } else {
          return 415;
        }
      }
    }

The return of a 400 should be removed. Instead, always return a 415 if the route defines consumed content types and the given type in the request is missing or does not match. The header Accept should also be returned with the accepted types.

Do you have a reproducer?

No.

Steps to reproduce

  1. Create a route with a consumed content type.
  2. Send a request to this endpoint without a Content-Type header.

Extra

None.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tsegismont tsegismont

Labels
bug
Milestone
4.5.11
Development

No branches or pull requests
3 participants
@vietj @tsegismont @komape