blackteay/gin
3
0
Fork 0
mirror of https://github.com/gin-gonic/gin.git synced 2025-10-16 13:22:09 +08:00
Code Issues Projects Releases Wiki Activity

Handle invalid Accept header

Browse Source
This commit is contained in:
Yuki Igarashi 2020-04-07 23:39:29 +09:00
parent 3315353c20
commit c226883043
2 changed files with 44 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
context.go
View File

@ -1047,19 +1047,27 @@ func (c *Context) NegotiateFormat(offered ...string) string {
return offered[0]
}
for _, accepted := range c.Accepted {
// According to RFC 2616, media-range = ( "*/*" | ( type "/" "*" ) | ( type "/" subtype ) )
acceptedMediaRange := strings.Split(accepted, "/")
if len(acceptedMediaRange) != 2 || (acceptedMediaRange[0] == "*" && acceptedMediaRange[1] != "*") {
continue
}
for _, offer := range offered {
// According to RFC 2616 and RFC 2396, non-ASCII characters are not allowed in headers,
// therefore we can just iterate over the string without casting it into []rune
i := 0
for ; i < len(accepted); i++ {
if accepted[i] == '*' || offer[i] == '*' {
// therefore we can handle the string without casting it into []rune
offerMediaRange := strings.Split(offer, "/")
if len(offerMediaRange) != 2 {
continue
}
if acceptedMediaRange[0] == "*" || offerMediaRange[0] == "*" {
return offer
}
if accepted[i] != offer[i] {
break
}
}
if i == len(accepted) {
if acceptedMediaRange[0] == offerMediaRange[0] &&
(acceptedMediaRange[1] == "*" || offerMediaRange[1] == "*" || acceptedMediaRange[1] == offerMediaRange[1]) {
return offer
}
}

26
context_test.go
View File

@ -1228,6 +1228,32 @@ func TestContextNegotiationFormatWithWildcardAccept(t *testing.T) {
assert.Equal(t, c.NegotiateFormat(MIMEHTML), MIMEHTML)
}
func TestContextNegotiationFormatWithInvalidAccept(t *testing.T) {
c, _ := CreateTestContext(httptest.NewRecorder())
c.Request, _ = http.NewRequest("POST", "/", nil)
c.Request.Header.Add("Accept", "text*,*/html")
assert.Equal(t, c.NegotiateFormat("*/*"), "")
assert.Equal(t, c.NegotiateFormat("text/*"), "")
assert.Equal(t, c.NegotiateFormat("text/html"), "")
assert.Equal(t, c.NegotiateFormat(MIMEJSON), "")
assert.Equal(t, c.NegotiateFormat(MIMEXML), "")
assert.Equal(t, c.NegotiateFormat(MIMEHTML), "")
c, _ = CreateTestContext(httptest.NewRecorder())
c.Request, _ = http.NewRequest("POST", "/", nil)
c.Request.Header.Add("Accept", "text*/*,application/j*,application/jso,application/json2")
assert.Equal(t, c.NegotiateFormat("*/*"), "*/*")
assert.Equal(t, c.NegotiateFormat("text/*"), "")
assert.Equal(t, c.NegotiateFormat("text/html"), "")
assert.Equal(t, c.NegotiateFormat("application/*"), "application/*")
assert.Equal(t, c.NegotiateFormat("application/json"), "")
assert.Equal(t, c.NegotiateFormat(MIMEJSON), "")
assert.Equal(t, c.NegotiateFormat(MIMEXML), "")
assert.Equal(t, c.NegotiateFormat(MIMEHTML), "")
}
func TestContextNegotiationFormatCustom(t *testing.T) {
c, _ := CreateTestContext(httptest.NewRecorder())
c.Request, _ = http.NewRequest("POST", "/", nil)