James Cole
2023-01-10 19:56:38 +01:00
parent 9290c2247e
commit 6db3e3d75e
2 changed files with 16 additions and 6 deletions


@@ -187,6 +187,7 @@ class Kernel extends HttpKernel
],
// do only bindings, no auth
'api_basic' => [
AcceptHeaders::class,
'bindings',
],
];
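Review bot: The comment `// do only bindings, no auth` above `'api_basic'` no longer describes the group now that `AcceptHeaders::class` is listed in it; suggest `// header validation and bindings only, no auth`. Since this group runs without authentication, the header checks and the error responses they produce are reachable by unauthenticated callers, which is worth keeping in mind for what those messages contain. The surrounding middleware-group array starts outside the hunk.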


@@ -44,14 +44,23 @@ class AcceptHeaders
*/
public function handle($request, $next): mixed
{
$method = $request->getMethod();
$method = $request->getMethod();
$accepts = ['application/x-www-form-urlencoded', 'application/json', 'application/vnd.api+json', '*/*'];
$contentTypes = ['application/x-www-form-urlencoded', 'application/json', 'application/vnd.api+json'];
$submitted = (string)$request->header('Content-Type');
if ('GET' === $method && !$request->accepts(['application/json', 'application/vnd.api+json'])) {
throw new BadHttpHeaderException('Your request must accept either application/json or application/vnd.api+json');
// if bad Accept header, send error.
if (!$request->accepts($accepts)) {
throw new BadHttpHeaderException(sprintf('Accept header "%s" is not something this server can provide.', $request->header('Accept')));
}
$allowed = ['application/x-www-form-urlencoded', 'application/json',''];
$submitted = (string)$request->header('Content-Type');
if (('POST' === $method || 'PUT' === $method) && !in_array($submitted, $allowed, true)) {
// if bad 'Content-Type' header, refuse service.
if (('POST' === $method || 'PUT' === $method) && !$request->hasHeader('Content-Type')) {
$error = new BadHttpHeaderException('Content-Type header cannot be empty');
$error->statusCode = 415;
throw $error;
}
if (('POST' === $method || 'PUT' === $method) && !in_array($submitted, $contentTypes, true)) {
$error = new BadHttpHeaderException(sprintf('Content-Type cannot be "%s"', $submitted));
$error->statusCode = 415;
throw $error;
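Review bot: The new check `!in_array($submitted, $contentTypes, true)` compares the raw header value, so a POST or PUT sending `application/json; charset=utf-8`, or a differently-cased media type, is refused with 415 although its media type is on the allow-list. Compare the normalised media type instead, e.g. `$submitted = strtolower(trim(explode(';', (string)$request->header('Content-Type'))[0]));`. Both new exception messages also copy the client-supplied Accept and Content-Type values into the error text; how BadHttpHeaderException is rendered and logged is not visible here, so confirm the handler encodes the message for its output context or leave the raw value out. Only POST and PUT are checked, so any route that accepts PATCH with a body would skip this validation. handle() continues past the end of the hunk.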