Merge remote-tracking branch 'remotes/origin/master' into ja_20190822_1440_infinispan_query_cache
This commit is contained in:
commit
bc821a7060
|
@ -157,9 +157,6 @@ public class ResourceParameter implements IParameter {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (isBlank(ctValue)) {
|
if (isBlank(ctValue)) {
|
||||||
/*
|
|
||||||
* If the client didn't send a content type, try to guess
|
|
||||||
*/
|
|
||||||
String body;
|
String body;
|
||||||
try {
|
try {
|
||||||
body = IOUtils.toString(requestReader);
|
body = IOUtils.toString(requestReader);
|
||||||
|
@ -170,12 +167,9 @@ public class ResourceParameter implements IParameter {
|
||||||
if (isBlank(body)) {
|
if (isBlank(body)) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
encoding = EncodingEnum.detectEncodingNoDefault(body);
|
|
||||||
if (encoding == null) {
|
String msg = ctx.getLocalizer().getMessage(ResourceParameter.class, "noContentTypeInRequest", restOperationType);
|
||||||
String msg = ctx.getLocalizer().getMessage(ResourceParameter.class, "noContentTypeInRequest", restOperationType);
|
throw new InvalidRequestException(msg);
|
||||||
throw new InvalidRequestException(msg);
|
|
||||||
}
|
|
||||||
requestReader = new InputStreamReader(new ByteArrayInputStream(theRequest.loadRequestContents()), charset);
|
|
||||||
} else {
|
} else {
|
||||||
String msg = ctx.getLocalizer().getMessage(ResourceParameter.class, "invalidContentTypeInRequest", ctValue, restOperationType);
|
String msg = ctx.getLocalizer().getMessage(ResourceParameter.class, "invalidContentTypeInRequest", ctValue, restOperationType);
|
||||||
throw new InvalidRequestException(msg);
|
throw new InvalidRequestException(msg);
|
||||||
|
|
|
@ -77,6 +77,23 @@ public class CreateR4Test {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testCreateFailsIfNoContentTypeProvided() throws Exception {
|
||||||
|
|
||||||
|
HttpPost httpPost = new HttpPost("http://localhost:" + ourPort + "/Patient");
|
||||||
|
httpPost.setEntity(new StringEntity("{\"resourceType\":\"Patient\", \"id\":\"999\", \"status\":\"active\"}", (ContentType) null));
|
||||||
|
try (CloseableHttpResponse status = ourClient.execute(httpPost)) {
|
||||||
|
|
||||||
|
String responseContent = IOUtils.toString(status.getEntity().getContent(), StandardCharsets.UTF_8);
|
||||||
|
|
||||||
|
ourLog.info("Response was:\n{}", responseContent);
|
||||||
|
|
||||||
|
assertEquals(400, status.getStatusLine().getStatusCode());
|
||||||
|
assertThat(responseContent, containsString("No Content-Type header was provided in the request. This is required for \\\"CREATE\\\" operation"));
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* #472
|
* #472
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -232,9 +232,9 @@ public class OperationGenericServer2R4Test {
|
||||||
|
|
||||||
HttpGet httpPost = new HttpGet("http://localhost:" + myPort + "/Patient/123/$OP_INSTANCE");
|
HttpGet httpPost = new HttpGet("http://localhost:" + myPort + "/Patient/123/$OP_INSTANCE");
|
||||||
try (CloseableHttpResponse status = ourClient.execute(httpPost)) {
|
try (CloseableHttpResponse status = ourClient.execute(httpPost)) {
|
||||||
assertEquals(200, status.getStatusLine().getStatusCode());
|
|
||||||
String response = IOUtils.toString(status.getEntity().getContent(), StandardCharsets.UTF_8);
|
String response = IOUtils.toString(status.getEntity().getContent(), StandardCharsets.UTF_8);
|
||||||
ourLog.info(response);
|
ourLog.info(response);
|
||||||
|
assertEquals(200, status.getStatusLine().getStatusCode());
|
||||||
status.getEntity().getContent().close();
|
status.getEntity().getContent().close();
|
||||||
|
|
||||||
assertEquals("123", ourLastId.getIdPart());
|
assertEquals("123", ourLastId.getIdPart());
|
||||||
|
|
|
@ -110,6 +110,13 @@
|
||||||
A note has been added to the downloads page explaning the removal of the hapi-fhir-utilities
|
A note has been added to the downloads page explaning the removal of the hapi-fhir-utilities
|
||||||
module. Thanks to Andrew Fitzgerald for the PR!
|
module. Thanks to Andrew Fitzgerald for the PR!
|
||||||
</action>
|
</action>
|
||||||
|
<action type="change">
|
||||||
|
REST servers will no longer try to guess the content type for HTTP requests where a body
|
||||||
|
is provided but no Content-Type header is included. These requests are invalid, and will now
|
||||||
|
result in an HTTP 400. This change corrects an error where some interceptors (notably
|
||||||
|
the RequestValidatingInterceptor, but not including any HAPI FHIR security interceptors)
|
||||||
|
could be bypassed if a Content Type was not included.
|
||||||
|
</action>
|
||||||
</release>
|
</release>
|
||||||
<release version="4.0.1" date="2019-09-03" description="Igloo (Point Release)">
|
<release version="4.0.1" date="2019-09-03" description="Igloo (Point Release)">
|
||||||
<action type="fix">
|
<action type="fix">
|
||||||
|
|
Loading…
Reference in New Issue