The Content-Type http header not only can have the actual type of the payload but also can return the charset and other optional parameters like defined in HTTP/1.1 RFC.
So Content-Type like the following were getting skipped by our checks:
Content-Type: text/html; charset=utf-8
To make it more robust I took in consideration the charset to parse the json content from the request, and also added some tests to cover this endpoint.
andrewgodwin
commented
8 months ago
The
Content-Typehttp header not only can have the actual type of the payload but also can return the charset and other optional parameters like defined in HTTP/1.1 RFC.So Content-Type like the following were getting skipped by our checks:
To make it more robust I took in consideration the charset to parse the json content from the request, and also added some tests to cover this endpoint.