From 180143f9b2ec8f82db11a89485140b1a89c4f0df Mon Sep 17 00:00:00 2001
From: Vladimir Dronnikov
Date: Fri, 12 Apr 2013 09:51:47 +0400
Subject: rest: reject incorrect content-type header
---
 src/cowboy_rest.erl | 9 ++++++---
 test/http_SUITE.erl | 11 +++++++++++
 2 files changed, 17 insertions(+), 3 deletions(-)
diff --git a/src/cowboy_rest.erl b/src/cowboy_rest.erl
index 526f102..40baabb 100644
--- a/src/cowboy_rest.erl
+++ b/src/cowboy_rest.erl
@@ -776,9 +776,12 @@ accept_resource(Req, State, OnTrue) ->
 {CTA, Req2, HandlerState} ->
 CTA2 = [normalize_content_types(P) || P <- CTA],
 State2 = State#state{handler_state=HandlerState},
- {ok, ContentType, Req3}
- = cowboy_req:parse_header(<<"content-type">>, Req2),
- choose_content_type(Req3, State2, OnTrue, ContentType, CTA2)
+ case cowboy_req:parse_header(<<"content-type">>, Req2) of
+ {ok, ContentType, Req3} ->
+ choose_content_type(Req3, State2, OnTrue, ContentType, CTA2);
+ {error, badarg} ->
+ respond(Req2, State2, 415)
+ end
 end.

 %% The special content type '*' will always match. It can be used as a
diff --git a/test/http_SUITE.erl b/test/http_SUITE.erl
index e33e19a..14bba9c 100644
--- a/test/http_SUITE.erl
+++ b/test/http_SUITE.erl
@@ -54,6 +54,7 @@
 -export([pipeline/1]).
 -export([pipeline_long_polling/1]).
 -export([rest_bad_accept/1]).
+-export([rest_bad_content_type/1]).
 -export([rest_expires/1]).
 -export([rest_keepalive/1]).
 -export([rest_keepalive_post/1]).
@@ -123,6 +124,7 @@ groups() ->
 pipeline,
 pipeline_long_polling,
 rest_bad_accept,
+ rest_bad_content_type,
 rest_expires,
 rest_keepalive,
 rest_keepalive_post,
@@ -355,6 +357,7 @@ init_dispatch(Config) ->
 {"/echo/body_qs", http_handler_body_qs, []},
 {"/param_all", rest_param_all, []},
 {"/bad_accept", rest_simple_resource, []},
+ {"/bad_content_type", rest_patch_resource, []},
 {"/simple", rest_simple_resource, []},
 {"/forbidden_post", rest_forbidden_resource, [true]},
 {"/simple_post", rest_forbidden_resource, [false]},
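Review bot: In the accept_resource hunk of src/cowboy_rest.erl, the new `case` matches only `{ok, ContentType, Req3}` and `{error, badarg}`, so any other value returned by cowboy_req:parse_header/2 still ends in a case_clause crash instead of a controlled response; the parser is not part of this patch, so confirm those are the only shapes it returns for content-type. The clause also carries no comment on the status choice: a Content-Type that fails to parse is answered with 415, while the rest_bad_accept test in this patch expects 400 for a malformed Accept header. I would document that above the error clause, for example `%% Unparseable content-type: reject with 415 rather than crash on a badmatch.`. accept_resource begins before the hunk, so the earlier clauses of the outer case are not visible here.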
@@ -879,6 +882,14 @@ rest_bad_accept(Config) ->
 Client),
 {ok, 400, _, _} = cowboy_client:response(Client2).

+rest_bad_content_type(Config) ->
+ Client = ?config(client, Config),
+ {ok, Client2} = cowboy_client:request(<<"PATCH">>,
+ build_url("/bad_content_type", Config),
+ [{<<"content-type">>, <<"text/plain, text/html">>}],
+ <<"Whatever">>, Client),
+ {ok, 415, _, _} = cowboy_client:response(Client2).
+
 rest_expires(Config) ->
 Client = ?config(client, Config),
 {ok, Client2} = cowboy_client:request(<<"GET">>,
--
cgit v1.2.3
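Review bot: rest_bad_content_type sends only one malformed value, `<<"text/plain, text/html">>`, so the 415 branch is pinned for a comma-separated list and nothing else. Because this test guards a parsing boundary reached by client-controlled input, I would repeat the request with a few more constructed values, for example `<<"text">>` (no subtype) and `<<>>` (empty), and assert the same `{ok, 415, _, _}`; whether each of them reaches the `{error, badarg}` clause depends on the parser, which this patch does not show. A companion request with a well-formed content-type would confirm that valid headers still go through choose_content_type.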