From 122cdde6982174a8e9cf70ef26a1393cb3912066 Mon Sep 17 00:00:00 2001 From: Timo Glastra Date: Sat, 11 Mar 2023 13:31:09 +0100 Subject: [PATCH] fix: return HTTP 415 if unsupported content type (#1313) Signed-off-by: Timo Glastra --- .../src/transport/HttpInboundTransport.ts | 21 +++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/packages/node/src/transport/HttpInboundTransport.ts b/packages/node/src/transport/HttpInboundTransport.ts index 2bc1161954..891ad4145e 100644 --- a/packages/node/src/transport/HttpInboundTransport.ts +++ b/packages/node/src/transport/HttpInboundTransport.ts @@ -5,6 +5,8 @@ import type { Server } from 'http' import { DidCommMimeType, AriesFrameworkError, TransportService, utils, MessageReceiver } from '@aries-framework/core' import express, { text } from 'express' +const supportedContentTypes: string[] = [DidCommMimeType.V0, DidCommMimeType.V1] + export class HttpInboundTransport implements InboundTransport { public readonly app: Express private port: number @@ -22,12 +24,19 @@ export class HttpInboundTransport implements InboundTransport { this.app = app ?? express() this.path = path ?? '/' - this.app.use( - text({ - type: [DidCommMimeType.V0, DidCommMimeType.V1], - limit: '5mb', - }) - ) + this.app.use((req, res, next) => { + const contentType = req.headers['content-type'] + + if (!contentType || !supportedContentTypes.includes(contentType)) { + return res + .status(415) + .send('Unsupported content-type. Supported content-types are: ' + supportedContentTypes.join(', ')) + } + + return next() + }) + + this.app.use(text({ type: supportedContentTypes, limit: '5mb' })) } public async start(agent: Agent) {