Open tkalliom opened 5 years ago
Had a look into this. The logic for parsing Accept headers lives in Mime::Type inside the private parse method.
For the specific scenario above, having commas within a quoted string is not handled, and causes the header to split in several chunks:
"text/html; someparameter=\"a"
" \\\"quoted"
" string"
" text/csv"
" etc\""
" text/plain"
Steps to reproduce
Expected behavior
As per RFC 7231 sections 5.3.2 and 3.1.1.1, the header sent by the client should be understood as having two media type specifications; the first text/html with the media type parameter someparameter having the value a, "quoted, string, text/csv, etc and the second text/plain with no media type parameters. The content negotiation should thus result in choosing text/plain.
Actual behavior
The header parsing fails to take quoted-strings into account, and text/csv is mistakenly interpreted as an accepted media type. The response is sent as CSV.
System configuration
Rails version: 6.0.0alpha (master)
Ruby version: 2.4.1p111
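The difference between comma splitting and quote-aware splitting of this header, as an added example that is not part of the original issue and is not Rails code. The header value is an assumption reconstructed from the six chunks quoted above, and the function names are hypothetical.

```ruby
# Added example, not Rails code. ACCEPT is reconstructed from the chunks above.
ACCEPT = 'text/html; someparameter="a, \"quoted, string, text/csv, etc", text/plain'

# Naive parsing: every comma is treated as a list separator.
def naive_media_ranges(header)
  header.split(",").map { |part| part.strip.split(";").first }
end

# Quote-aware split: a comma separates list elements only outside a
# quoted-string; inside one, a backslash escapes the next character.
def split_accept(header)
  parts = ["".dup]
  in_quotes = false
  escaped = false
  header.each_char do |ch|
    if escaped
      escaped = false
    elsif in_quotes && ch == "\\"
      escaped = true
    elsif ch == '"'
      in_quotes = !in_quotes
    elsif ch == "," && !in_quotes
      parts << "".dup
      next
    end
    parts.last << ch
  end
  parts.map(&:strip).reject(&:empty?)
end

# Media type of each list element, parameters dropped.
def media_ranges(header)
  split_accept(header).map { |element| element[/\A[^;\s]+/] }
end

# Value of one parameter, with the quotes and backslash escapes removed.
def param_value(element, name)
  raw = element[/;\s*#{Regexp.escape(name)}=("(?:\\.|[^"\\])*"|[^;\s]*)/, 1]
  return nil unless raw
  raw.start_with?('"') ? raw[1..-2].gsub(/\\(.)/, '\1') : raw
end

p naive_media_ranges(ACCEPT)
p media_ranges(ACCEPT)
p param_value(split_accept(ACCEPT).first, "someparameter")
```

The naive result contains text/csv as if the client had offered it, while the quote-aware result contains only text/html and text/plain.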