muchdogesec / arango_taxii_server

A lightweight TAXII API wrapper for ArangoDB.
GNU Affero General Public License v3.0

`accept` header in request is not correct for TAXII spec #5

Open himynamesdave opened 2 weeks ago

himynamesdave commented 2 weeks ago
```
dgreenwood@Davids-MacBook-Pro-2 ~ % curl -X 'GET' \
  'http://127.0.0.1:8000/api/taxii2/' \
  -H 'accept: application/taxii+json;version=2.1' \
  -H 'Authorization: Basic bm9fYWNjZXNzX3VzZXI6dGVzdGluZzEyMw=='
{"title":"Could not satisfy the request Accept header.","http_status":406,"details":{"content":{"message":"Could not satisfy the request Accept header.","code":"not_acceptable"}}}%
dgreenwood@Davids-MacBook-Pro-2 ~ % curl -X 'GET' \
  'http://127.0.0.1:8000/api/taxii2/' \
  -H 'accept: application/json' \
  -H 'Authorization: Basic bm9fYWNjZXNzX3VzZXI6dGVzdGluZzEyMw=='
{"title":"Arango TAXII Server","description":"https://github.com/muchdogesec/arango_taxii_server/","contact":"noreply@dogesec.com","api_roots":[]}%
```

As per the TAXII spec:

https://docs.oasis-open.org/cti/taxii/v2.1/taxii-v2.1.html


However, the server does not accept `application/taxii+json;version=2.1` and only responds to `application/json`, as per the example shown above.

The server should only accept requests where this is `application/taxii+json;version=2.1`.
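
The strict check requested in the comment above, sketched as an added example (not code from arango_taxii_server or its authors). The function names are hypothetical, and rejecting wildcards and the unversioned media type is an assumption taken from the "should only accept" wording.

```python
TAXII_TYPE = "application/taxii+json"
TAXII_VERSION = "2.1"


def parse_accept(header):
    """Split an Accept header into (media_type, params) pairs.

    Media type and parameter names are case-insensitive, so both are
    lowercased. Commas inside quoted parameter values are not handled.
    """
    ranges = []
    for item in header.split(","):
        parts = [p.strip() for p in item.split(";")]
        media_type = parts[0].lower()
        if not media_type:
            continue
        params = {}
        for part in parts[1:]:
            name, sep, value = part.partition("=")
            if sep:
                params[name.strip().lower()] = value.strip().strip('"')
        ranges.append((media_type, params))
    return ranges


def accepts_taxii21(header):
    """True only if the client explicitly offers TAXII 2.1 JSON with q > 0."""
    for media_type, params in parse_accept(header or ""):
        if media_type != TAXII_TYPE or params.get("version") != TAXII_VERSION:
            continue
        try:
            weight = float(params.get("q", "1"))
        except ValueError:
            weight = 0.0  # malformed weight: treat as not acceptable
        if weight > 0:
            return True
    return False


def negotiate(header):
    """Return (http_status, response_content_type) for an Accept header."""
    if accepts_taxii21(header):
        return 200, f"{TAXII_TYPE};version={TAXII_VERSION}"
    return 406, None


if __name__ == "__main__":
    # Constructed sample headers; the first two mirror the curl calls above.
    for sample in ("application/taxii+json;version=2.1", "application/json",
                   "application/taxii+json", "*/*", None):
        print(repr(sample), "->", negotiate(sample))
```
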

fqrious commented 2 weeks ago

Fixed in `adding-tests` branch.

himynamesdave commented 2 weeks ago

Can you alter in the Swagger UI?

Shows `application/taxii+json`, should be `application/taxii+json;version=2.1`.