From 0b6ccff62d345dcb196890a24e78a1681ead7638 Mon Sep 17 00:00:00 2001 From: Tom Clegg Date: Thu, 5 Oct 2023 09:48:29 -0400 Subject: [PATCH] 20300: Fix crash on empty Content-Type header. Arvados-DCO-1.1-Signed-off-by: Tom Clegg --- .../initializers/clear_empty_content_type.rb | 26 +++++++++++++++++++ .../api/test/integration/http_quirks_test.rb | 16 ++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 services/api/config/initializers/clear_empty_content_type.rb create mode 100644 services/api/test/integration/http_quirks_test.rb diff --git a/services/api/config/initializers/clear_empty_content_type.rb b/services/api/config/initializers/clear_empty_content_type.rb new file mode 100644 index 0000000000..3e501be212 --- /dev/null +++ b/services/api/config/initializers/clear_empty_content_type.rb @@ -0,0 +1,26 @@ +# Copyright (C) The Arvados Authors. All rights reserved. +# +# SPDX-License-Identifier: AGPL-3.0 + +# Rails handler stack crashes if the request Content-Type header value +# is "", which is sometimes the case in GET requests from +# ruby-google-api-client (which have no body content anyway). +# +# This middleware deletes such headers, so a request with an empty +# Content-Type value is equivalent to a missing Content-Type header. +class ClearEmptyContentType + def initialize(app=nil, options=nil) + @app = app + end + + def call(env) + if env["CONTENT_TYPE"] == "" + env.delete("CONTENT_TYPE") + end + @app.call(env) if @app.respond_to?(:call) + end +end + +Server::Application.configure do + config.middleware.use ClearEmptyContentType +end diff --git a/services/api/test/integration/http_quirks_test.rb b/services/api/test/integration/http_quirks_test.rb new file mode 100644 index 0000000000..107e6a6550 --- /dev/null +++ b/services/api/test/integration/http_quirks_test.rb @@ -0,0 +1,16 @@ +# Copyright (C) The Arvados Authors. All rights reserved. +# +# SPDX-License-Identifier: AGPL-3.0 + +require 'test_helper' + +class HttpQuirksTest < ActionDispatch::IntegrationTest + fixtures :all + + test "GET request with empty Content-Type header" do + authorize_with :active + get "/arvados/v1/collections", + headers: auth(:active).merge("Content-Type" => "") + assert_response :success + end +end -- 2.30.2