blackteay/gin
3
0
Fork 0
mirror of https://github.com/gin-gonic/gin.git synced 2025-10-16 21:32:11 +08:00
Code Issues Projects Releases Wiki Activity

Handle invalid Accept header

Browse Source
This commit is contained in:
Yuki Igarashi 2020-04-07 23:39:29 +09:00
parent 3315353c20
commit c226883043
2 changed files with 44 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
context.go
View File

@ -1047,19 +1047,27 @@ func (c *Context) NegotiateFormat(offered ...string) string {
return offered[0] return offered[0]
} }
for _, accepted := range c.Accepted { for _, accepted := range c.Accepted {
// According to RFC 2616, media-range = ( "*/*" | ( type "/" "*" ) | ( type "/" subtype ) )
acceptedMediaRange := strings.Split(accepted, "/")
if len(acceptedMediaRange) != 2 || (acceptedMediaRange[0] == "*" && acceptedMediaRange[1] != "*") {
continue
}
for _, offer := range offered { for _, offer := range offered {
// According to RFC 2616 and RFC 2396, non-ASCII characters are not allowed in headers, // According to RFC 2616 and RFC 2396, non-ASCII characters are not allowed in headers,
// therefore we can just iterate over the string without casting it into []rune // therefore we can handle the string without casting it into []rune
i := 0
for ; i < len(accepted); i++ { offerMediaRange := strings.Split(offer, "/")
if accepted[i] == '*' || offer[i] == '*' { if len(offerMediaRange) != 2 {
continue
}
if acceptedMediaRange[0] == "*" || offerMediaRange[0] == "*" {
return offer return offer
} }
if accepted[i] != offer[i] {
break if acceptedMediaRange[0] == offerMediaRange[0] &&
} (acceptedMediaRange[1] == "*" || offerMediaRange[1] == "*" || acceptedMediaRange[1] == offerMediaRange[1]) {
}
if i == len(accepted) {
return offer return offer
} }
} }

26
context_test.go
View File

@ -1228,6 +1228,32 @@ func TestContextNegotiationFormatWithWildcardAccept(t *testing.T) {
assert.Equal(t, c.NegotiateFormat(MIMEHTML), MIMEHTML) assert.Equal(t, c.NegotiateFormat(MIMEHTML), MIMEHTML)
} }
func TestContextNegotiationFormatWithInvalidAccept(t *testing.T) {
c, _ := CreateTestContext(httptest.NewRecorder())
c.Request, _ = http.NewRequest("POST", "/", nil)
c.Request.Header.Add("Accept", "text*,*/html")
assert.Equal(t, c.NegotiateFormat("*/*"), "")
assert.Equal(t, c.NegotiateFormat("text/*"), "")
assert.Equal(t, c.NegotiateFormat("text/html"), "")
assert.Equal(t, c.NegotiateFormat(MIMEJSON), "")
assert.Equal(t, c.NegotiateFormat(MIMEXML), "")
assert.Equal(t, c.NegotiateFormat(MIMEHTML), "")
c, _ = CreateTestContext(httptest.NewRecorder())
c.Request, _ = http.NewRequest("POST", "/", nil)
c.Request.Header.Add("Accept", "text*/*,application/j*,application/jso,application/json2")
assert.Equal(t, c.NegotiateFormat("*/*"), "*/*")
assert.Equal(t, c.NegotiateFormat("text/*"), "")
assert.Equal(t, c.NegotiateFormat("text/html"), "")
assert.Equal(t, c.NegotiateFormat("application/*"), "application/*")
assert.Equal(t, c.NegotiateFormat("application/json"), "")
assert.Equal(t, c.NegotiateFormat(MIMEJSON), "")
assert.Equal(t, c.NegotiateFormat(MIMEXML), "")
assert.Equal(t, c.NegotiateFormat(MIMEHTML), "")
}
func TestContextNegotiationFormatCustom(t *testing.T) { func TestContextNegotiationFormatCustom(t *testing.T) {
c, _ := CreateTestContext(httptest.NewRecorder()) c, _ := CreateTestContext(httptest.NewRecorder())
c.Request, _ = http.NewRequest("POST", "/", nil) c.Request, _ = http.NewRequest("POST", "/", nil)