Enforce content type on barbican REST API
Before barbican moved from Falcon to Pecan, content types were coerced to application/json. That meant that a user could use a tool such as curl, omit the content type, and the call would succeed.
After moving to Pecan, the default content-type changed to application/
This blueprint proposes that we check and enforce the content-type coming in and return an http 415 error if it is not correct. That means that a curl request will have to ensure that it adds the content-
Implementation of this bluepring will require:
- updating the barbican code to detect incorrect content types and return http 415
- updating the barbican documentation to describe this behavior and how to remedy
- updating the barbican tests to validate the behavior
Blueprint information
- Status:
- Complete
- Approver:
- Douglas Mendizábal
- Priority:
- Medium
- Drafter:
- Steve Heyman
- Direction:
- Approved
- Assignee:
- Steve Heyman
- Definition:
- Approved
- Series goal:
- Accepted for juno
- Implementation:
- Implemented
- Milestone target:
- 2014.2
- Started by
- Douglas Mendizábal
- Completed by
- Douglas Mendizábal
Related branches
Related bugs
Sprints
Whiteboard
Please add related spec link in blueprint details.
Gerrit topic: https:/
Addressed by: https:/
Implement content-type HTTP header enforcement