James Cole
2023-01-10 19:56:38 +01:00
parent 9290c2247e
commit 6db3e3d75e
2 changed files with 16 additions and 6 deletions


@@ -187,6 +187,7 @@ class Kernel extends HttpKernel
], ],
// do only bindings, no auth // do only bindings, no auth
'api_basic' => [ 'api_basic' => [
AcceptHeaders::class,
'bindings', 'bindings',
], ],
]; ];
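Review bot: The comment `// do only bindings, no auth` above `'api_basic'` becomes stale once `AcceptHeaders::class` is added to the group, because these routes now run a header check before the bindings. The comment marks this group as having no auth, so it is what a reader relies on to see what still runs on those routes; I would change it to `// header checks and bindings only, no auth`. The middleware array starts outside the hunk, so whether the other groups list AcceptHeaders in the same position cannot be confirmed from here.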


@@ -44,14 +44,23 @@ class AcceptHeaders
*/ */
public function handle($request, $next): mixed public function handle($request, $next): mixed
{ {
$method = $request->getMethod(); $method = $request->getMethod();
$accepts = ['application/x-www-form-urlencoded', 'application/json', 'application/vnd.api+json', '*/*'];
$contentTypes = ['application/x-www-form-urlencoded', 'application/json', 'application/vnd.api+json'];
$submitted = (string)$request->header('Content-Type');
if ('GET' === $method && !$request->accepts(['application/json', 'application/vnd.api+json'])) {
throw new BadHttpHeaderException('Your request must accept either application/json or application/vnd.api+json'); // if bad Accept header, send error.
if (!$request->accepts($accepts)) {
throw new BadHttpHeaderException(sprintf('Accept header "%s" is not something this server can provide.', $request->header('Accept')));
} }
$allowed = ['application/x-www-form-urlencoded', 'application/json','']; // if bad 'Content-Type' header, refuse service.
$submitted = (string)$request->header('Content-Type'); if (('POST' === $method || 'PUT' === $method) && !$request->hasHeader('Content-Type')) {
if (('POST' === $method || 'PUT' === $method) && !in_array($submitted, $allowed, true)) { $error = new BadHttpHeaderException('Content-Type header cannot be empty');
$error->statusCode = 415;
throw $error;
}
if (('POST' === $method || 'PUT' === $method) && !in_array($submitted, $contentTypes, true)) {
$error = new BadHttpHeaderException(sprintf('Content-Type cannot be "%s"', $submitted)); $error = new BadHttpHeaderException(sprintf('Content-Type cannot be "%s"', $submitted));
$error->statusCode = 415; $error->statusCode = 415;
throw $error; throw $error;