Bad request if charset in content-type header
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Canonical SSO provider |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
If you set a charset in the content-type header of a request to any method in the API, which is a perfectly valid part of the Content-Type HTTP header, then the request automatically fails with a 400 response (and a plaintext response body, not JSON), e.g.:
POST /api/v2/
Accept: application/json
Accept-Encoding: gzip, deflate, compress
Content-Length: 82
Content-Type: application/json; charset=utf-8
Host: login.ubuntu.com
User-Agent: HTTPie/0.8.0
{
"authorizat
"http_method": "get",
"http_url": "http://
}
HTTP/1.1 400 BAD REQUEST
Connection: close
Content-Encoding: gzip
Content-Language: en
Content-Length: 31
Content-Type: text/plain
Date: Mon, 13 Oct 2014 09:46:59 GMT
Server: Apache/2.2.22 (Ubuntu)
Vary: Authorization,
X-Frame-Options: SAMEORIGIN
strict-
x-content-
x-xss-protection: 1; mode=block
Above I use "; charset=utf-8" on the end of the content-type to inform the upstream service that my request is also UTF-8 codebooked, if I just provide "application/json" as the content-type however the request works as documented.
| Daniel Manrique (roadmr) wrote | #1 |
| Changed in canonical-identity-provider: | |
| status: | New → Fix Released |
$ curl -X POST https:/
* upload completely sent off: 25 out of 25 bytes
< HTTP/1.1 200 OK
< Date: Tue, 08 Oct 2019 15:09:03 GMT
< Server: gunicorn/19.3.0
< Content-Length: 57
< x-xss-protection: 1; mode=block
< x-content-
< Content-Language: en
< strict-
< Vary: Authorization,
< X-Frame-Options: SAMEORIGIN
< Content-Type: application/json; charset=utf-8
< X-Bzr-Revision-
< X-Request-Id: (null)1
<
{
"is_valid": false,
"account_
}