Skip to content

Fix/multiple content type headers lead to 415 consistently #2070

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Fix/multiple content type headers lead to 415 consistently #2070

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
90f69f2
test: added test for multiple json content-types
Lewiscowles1986 Jul 25, 2025
684a819
fix: 415 error if multiple content-type request headers
Lewiscowles1986 Jul 25, 2025
a06b2d4
test: split json
Lewiscowles1986 Jul 28, 2025
e46f844
refactor: limit split of json
Lewiscowles1986 Jul 28, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 3 additions & 5 deletions connexion/utils.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -158,7 +158,7 @@ def is_json_mimetype(mimetype):
if mimetype is None:
return False

maintype, subtype = mimetype.split("/") # type: str, str
maintype, subtype = mimetype.split("/", maxsplit=1) # type: str, str
if ";" in subtype:
subtype, parameter = subtype.split(";", maxsplit=1)
return maintype == "application" and (
Expand Down Expand Up @@ -310,10 +310,8 @@ def extract_content_type(

if decoded_key.lower() == "content-type":
if isinstance(value, bytes):
content_type = value.decode("latin-1")
else:
content_type = value
break
value = value.decode("latin-1")
content_type = ",".join([content_type, value] if content_type else [value])
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There should be only one content-type header. If there are multiple, I believe it is more appropriate to raise a BadRequest error to return a 400 status code


return content_type

Expand Down
23 changes: 23 additions & 0 deletions tests/test_json_validation.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -175,3 +175,26 @@ class MyDefaultsJSONBodyValidator(DefaultsJSONRequestBodyValidator):
)
assert res.status_code == 200
assert res.json().get("human")


def test_multiple_json_content_type(json_validation_spec_dir, spec):
"""ensure that defaults applied that modify the body"""
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The docstring is the one from the test above, it should be about multiple content type headers?


class MyDefaultsJSONBodyValidator(DefaultsJSONRequestBodyValidator):
pass

validator_map = {"body": {"application/json": MyDefaultsJSONBodyValidator}}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think we need to update the custom body validator in this test


app = App(__name__, specification_dir=json_validation_spec_dir)
app.add_api(spec, validate_responses=True, validator_map=validator_map)
app_client = app.test_client()

res = app_client.post(
"/v1.0/user",
data=json.dumps({"name": "foo"}),
headers={
"content-type": "application/json",
"Content-Type": "application/json",
},
)
assert res.status_code == 415
33 changes: 23 additions & 10 deletions tests/test_utils.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,16 +62,29 @@ def test_deep_get_list():
assert utils.deep_get(obj, ["0", "properties", "id"]) == {"type": "string"}


def test_is_json_mimetype():
assert utils.is_json_mimetype("application/json")
assert utils.is_json_mimetype("application/vnd.com.myEntreprise.v6+json")
assert utils.is_json_mimetype(
"application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0"
)
assert utils.is_json_mimetype(
"application/vnd.com.myEntreprise.v6+json; charset=UTF-8"
)
assert not utils.is_json_mimetype("text/html")
@pytest.mark.parametrize(
"mime_type",
[
"application/json",
"application/vnd.com.myEntreprise.v6+json",
"application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0",
"application/vnd.com.myEntreprise.v6+json; charset=UTF-8",
],
)
def test_is_json_mimetype_true(mime_type: str):
assert utils.is_json_mimetype(mime_type)


@pytest.mark.parametrize(
"mime_type",
[
"application/json,application/json",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This isn't a valid mimetype

"text/html",
"text/json",
],
)
def test_is_json_mimetype_false(mime_type: str):
assert not utils.is_json_mimetype(mime_type)


def test_sort_routes():
Expand Down