Don't guess content type for create/put
parent
8c6fd9f2d9
commit
7d162c50db
|
@ -157,9 +157,6 @@ public class ResourceParameter implements IParameter {
|
|||
}
|
||||
}
|
||||
if (isBlank(ctValue)) {
|
||||
/*
|
||||
* If the client didn't send a content type, try to guess
|
||||
*/
|
||||
String body;
|
||||
try {
|
||||
body = IOUtils.toString(requestReader);
|
||||
|
@ -170,12 +167,9 @@ public class ResourceParameter implements IParameter {
|
|||
if (isBlank(body)) {
|
||||
return null;
|
||||
}
|
||||
encoding = EncodingEnum.detectEncodingNoDefault(body);
|
||||
if (encoding == null) {
|
||||
String msg = ctx.getLocalizer().getMessage(ResourceParameter.class, "noContentTypeInRequest", restOperationType);
|
||||
throw new InvalidRequestException(msg);
|
||||
}
|
||||
requestReader = new InputStreamReader(new ByteArrayInputStream(theRequest.loadRequestContents()), charset);
|
||||
|
||||
String msg = ctx.getLocalizer().getMessage(ResourceParameter.class, "noContentTypeInRequest", restOperationType);
|
||||
throw new InvalidRequestException(msg);
|
||||
} else {
|
||||
String msg = ctx.getLocalizer().getMessage(ResourceParameter.class, "invalidContentTypeInRequest", ctValue, restOperationType);
|
||||
throw new InvalidRequestException(msg);
|
||||
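Review bot: In the `isBlank(ctValue)` branch of ResourceParameter the request body is still read in full by `IOUtils.toString(requestReader)`, although its only remaining use is the `isBlank(body)` test that chooses between `return null` and the `noContentTypeInRequest` error. The old "try to guess" comment appears to have been dropped with nothing in its place, so the reason an empty body is accepted while a non-blank one is rejected is no longer stated. I would add a comment above `String body;` such as `// No Content-Type: an empty body means "no resource"; a non-blank body is rejected rather than sniffed, so interceptors that depend on the declared type cannot be skipped`. It is also worth confirming that callers which receive the `null` result for create/update fail the request rather than proceed; that code is not visible here. The enclosing method begins and ends outside these hunks.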
|
|
|
@ -77,6 +77,23 @@ public class CreateR4Test {
|
|||
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testCreateFailsIfNoContentTypeProvided() throws Exception {
|
||||
|
||||
HttpPost httpPost = new HttpPost("http://localhost:" + ourPort + "/Patient");
|
||||
httpPost.setEntity(new StringEntity("{\"resourceType\":\"Patient\", \"id\":\"999\", \"status\":\"active\"}", (ContentType) null));
|
||||
try (CloseableHttpResponse status = ourClient.execute(httpPost)) {
|
||||
|
||||
String responseContent = IOUtils.toString(status.getEntity().getContent(), StandardCharsets.UTF_8);
|
||||
|
||||
ourLog.info("Response was:\n{}", responseContent);
|
||||
|
||||
assertEquals(400, status.getStatusLine().getStatusCode());
|
||||
assertThat(responseContent, containsString("No Content-Type header was provided in the request. This is required for \\\"CREATE\\\" operation"));
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* #472
|
||||
*/
|
||||
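Review bot: `testCreateFailsIfNoContentTypeProvided` checks only the 400 status and the error text, so it would still pass if the server parsed the body and invoked the create provider before returning the error. Since the change exists so that a body without a Content-Type never reaches resource handling, the test should also assert that the provider's create method was not called, using whatever last-created-resource state this test class already keeps (not visible in this hunk). A sibling case that sends the same JSON body to an update (PUT) would cover the other operation named in the commit title.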
|
|
|
@ -232,9 +232,9 @@ public class OperationGenericServer2R4Test {
|
|||
|
||||
HttpGet httpPost = new HttpGet("http://localhost:" + myPort + "/Patient/123/$OP_INSTANCE");
|
||||
try (CloseableHttpResponse status = ourClient.execute(httpPost)) {
|
||||
assertEquals(200, status.getStatusLine().getStatusCode());
|
||||
String response = IOUtils.toString(status.getEntity().getContent(), StandardCharsets.UTF_8);
|
||||
ourLog.info(response);
|
||||
assertEquals(200, status.getStatusLine().getStatusCode());
|
||||
status.getEntity().getContent().close();
|
||||
|
||||
assertEquals("123", ourLastId.getIdPart());
|
||||
|
|
|
@ -106,6 +106,13 @@
|
|||
A note has been added to the downloads page explaning the removal of the hapi-fhir-utilities
|
||||
module. Thanks to Andrew Fitzgerald for the PR!
|
||||
</action>
|
||||
<action type="change">
|
||||
REST servers will no longer try to guess the content type for HTTP requests where a body
|
||||
is provided but no Content-Type header is included. These requests are invalid, and will now
|
||||
result in an HTTP 400. This change corrects an error where some interceptors (notably
|
||||
the RequestValidatingInterceptor, but not including any HAPI FHIR security interceptors)
|
||||
could be bypassed if a Content Type was not included.
|
||||
</action>
|
||||
</release>
|
||||
<release version="4.0.0" date="2019-08-14" description="Igloo">
|
||||
<action type="add">
|
||||
|
|