Enforce content type on barbican REST API

Registered by Steve Heyman

Before barbican moved from Falcon to Pecan, content types were coerced to application/json. That meant that a user could use a tool such as curl, omit the content type, and the call would succeed.

After moving to Pecan, the default content-type changed to application/x-www-form-urlencoded. As a result, a curl request that did not specify a content type arrived at barbican as a URL-encoded string and failed when barbican tried to parse it as JSON.

This blueprint proposes that we check and enforce the incoming content-type and return an HTTP 415 error if it is not correct. That means a curl request must set the Content-Type header to application/json; otherwise it will fail with an HTTP 415 error.

Implementation of this blueprint will require:

- updating the barbican code to detect incorrect content types and return HTTP 415
- updating the barbican documentation to describe this behavior and how to remedy it
- updating the barbican tests to validate the behavior
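
One way to implement the check this blueprint describes, written as an added example and not barbican's own code: a standard-library WSGI middleware that answers HTTP 415 before the request reaches the JSON parser. The class and function names are hypothetical, and two choices are assumptions: only POST, PUT and PATCH are checked, and media-type parameters such as charset are ignored when comparing.

```python
# Added example: stdlib-only WSGI middleware, not barbican's implementation.
import io
import json

BODY_METHODS = {"POST", "PUT", "PATCH"}  # assumption: only body-carrying methods are checked


def media_type(header_value):
    """Return the bare, lower-cased media type, dropping parameters such as charset."""
    return (header_value or "").split(";", 1)[0].strip().lower()


class EnforceContentType:
    """Reject body-carrying requests whose Content-Type is not in `allowed`."""

    def __init__(self, app, allowed=("application/json",)):
        self.app = app
        self.allowed = frozenset(allowed)

    def __call__(self, environ, start_response):
        method = environ.get("REQUEST_METHOD", "GET").upper()
        got = media_type(environ.get("CONTENT_TYPE"))
        if method in BODY_METHODS and got not in self.allowed:
            body = ("Content-Type must be one of: "
                    + ", ".join(sorted(self.allowed))).encode()
            start_response("415 Unsupported Media Type",
                           [("Content-Type", "text/plain"),
                            ("Content-Length", str(len(body)))])
            return [body]
        return self.app(environ, start_response)


def demo_app(environ, start_response):
    """Hypothetical downstream app: parses the JSON body and echoes its keys."""
    length = int(environ.get("CONTENT_LENGTH") or 0)
    doc = json.loads(environ["wsgi.input"].read(length) or b"{}")
    start_response("200 OK", [("Content-Type", "application/json")])
    return [json.dumps(sorted(doc)).encode()]


def status_for(method, content_type, body=b'{"name": "k"}'):
    """Drive the wrapped app with a constructed request; return the status line."""
    environ = {"REQUEST_METHOD": method, "CONTENT_LENGTH": str(len(body)),
               "wsgi.input": io.BytesIO(body)}
    if content_type is not None:  # None models a client that sent no header
        environ["CONTENT_TYPE"] = content_type
    seen = []
    EnforceContentType(demo_app)(environ, lambda status, headers: seen.append(status))
    return seen[0]
```

Calling `status_for` with the form-encoded default or with no header at all shows the request being refused with 415 instead of failing later inside the JSON parser.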

Blueprint information

Status: Complete
Approver: Douglas Mendizábal
Priority: Medium
Drafter: Steve Heyman
Direction: Approved
Assignee: Steve Heyman
Definition: Approved
Series goal: Accepted for juno
Implementation: Implemented
Milestone target: 2014.2
Started by: Douglas Mendizábal
Completed by: Douglas Mendizábal

Whiteboard

Please add related spec link in blueprint details.

Gerrit topic: https://review.openstack.org/#q,topic:bp/barbican-enforce-content-type,n,z

Addressed by: https://review.openstack.org/104237
    Implement content-type HTTP header enforcement