Reject octet-stream content type when we expect json (#5862)

* reject octet-stream content type when we expect json * added a test, fixed a bug with checking for 415's
2026-03-03 00:31:50 +00:00 · 2024-07-12 07:13:52 +01:00
parent 4c7277c646
commit 69d84e785b
4 changed files with 107 additions and 4 deletions
--- a/common/warp_utils/src/json.rs
+++ b/common/warp_utils/src/json.rs
@@ -1,4 +1,5 @@
 use bytes::Bytes;
+use eth2::{CONTENT_TYPE_HEADER, SSZ_CONTENT_TYPE_HEADER};
 use serde::de::DeserializeOwned;
 use std::error::Error as StdError;
 use warp::{Filter, Rejection};
@@ -16,7 +17,17 @@ impl Json {
 }

 pub fn json<T: DeserializeOwned + Send>() -> impl Filter<Extract = (T,), Error = Rejection> + Copy {
-    warp::body::bytes().and_then(|bytes: Bytes| async move {
-        Json::decode(bytes).map_err(|err| reject::custom_deserialize_error(format!("{:?}", err)))
-    })
+    warp::header::optional::<String>(CONTENT_TYPE_HEADER)
+        .and(warp::body::bytes())
+        .and_then(|header: Option<String>, bytes: Bytes| async move {
+            if let Some(header) = header {
+                if header == SSZ_CONTENT_TYPE_HEADER {
+                    return Err(reject::unsupported_media_type(
+                        "The request's content-type is not supported".to_string(),
+                    ));
+                }
+            }
+            Json::decode(bytes)
+                .map_err(|err| reject::custom_deserialize_error(format!("{:?}", err)))
+        })
 }
--- a/common/warp_utils/src/reject.rs
+++ b/common/warp_utils/src/reject.rs
@@ -136,6 +136,15 @@ pub fn invalid_auth(msg: String) -> warp::reject::Rejection {
    warp::reject::custom(InvalidAuthorization(msg))
 }

+#[derive(Debug)]
+pub struct UnsupportedMediaType(pub String);
+
+impl Reject for UnsupportedMediaType {}
+
+pub fn unsupported_media_type(msg: String) -> warp::reject::Rejection {
+    warp::reject::custom(UnsupportedMediaType(msg))
+}
+
 #[derive(Debug)]
 pub struct IndexedBadRequestErrors {
    pub message: String,
@@ -170,6 +179,9 @@ pub async fn handle_rejection(err: warp::Rejection) -> Result<impl warp::Reply,
    if err.is_not_found() {
        code = StatusCode::NOT_FOUND;
        message = "NOT_FOUND".to_string();
+    } else if err.find::<crate::reject::UnsupportedMediaType>().is_some() {
+        code = StatusCode::UNSUPPORTED_MEDIA_TYPE;
+        message = "UNSUPPORTED_MEDIA_TYPE".to_string();
    } else if let Some(e) = err.find::<crate::reject::CustomDeserializeError>() {
        message = format!("BAD_REQUEST: body deserialize error: {}", e.0);
        code = StatusCode::BAD_REQUEST;