20300: Fix crash on empty Content-Type header.

Arvados-DCO-1.1-Signed-off-by: Tom Clegg <tom@curii.com>

diff --git a/services/api/config/initializers/clear_empty_content_type.rb b/services/api/config/initializers/clear_empty_content_type.rb
new file mode 100644 (file)
index 0000000..3e501be
--- /dev/null
+++ b/services/api/config/initializers/clear_empty_content_type.rb
@@ -0,0 +1,26 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+# Rails handler stack crashes if the request Content-Type header value
+# is "", which is sometimes the case in GET requests from
+# ruby-google-api-client (which have no body content anyway).
+#
+# This middleware deletes such headers, so a request with an empty
+# Content-Type value is equivalent to a missing Content-Type header.
+class ClearEmptyContentType
+  def initialize(app=nil, options=nil)
+    @app = app
+  end
+
+  def call(env)
+    if env["CONTENT_TYPE"] == ""
+      env.delete("CONTENT_TYPE")
+    end
+    @app.call(env) if @app.respond_to?(:call)
+  end
+end
+
+Server::Application.configure do
+  config.middleware.use ClearEmptyContentType
+end

diff --git a/services/api/test/integration/http_quirks_test.rb b/services/api/test/integration/http_quirks_test.rb
new file mode 100644 (file)
index 0000000..107e6a6
--- /dev/null
+++ b/services/api/test/integration/http_quirks_test.rb
@@ -0,0 +1,16 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
+require 'test_helper'
+
+class HttpQuirksTest < ActionDispatch::IntegrationTest
+  fixtures :all
+
+  test "GET request with empty Content-Type header" do
+    authorize_with :active
+    get "/arvados/v1/collections",
+        headers: auth(:active).merge("Content-Type" => "")
+    assert_response :success
+  end
+end