From 62b20e955b52ca6749c57c9fdcf5a2f89f2c9fa1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Cabrol?=
Date: Tue, 28 Jun 2022 16:49:46 +0200
Subject: [PATCH] fix: return a 415 if the call has no Content-Type in the headers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: François Cabrol
---
src/server.js | 80 ++++++++++++++++++++++++---------------------
test/server-test.js | 23 +++++++++++--
2 files changed, 64 insertions(+), 39 deletions(-)
diff --git a/src/server.js b/src/server.js
index 54e9016e..8e78ab0d 100644
--- a/src/server.js
+++ b/src/server.js
@@ -81,50 +81,56 @@ class Server extends Base { } res.end(); } else if (req.method === 'POST') { - res.setHeader('Content-Type', req.headers['content-type']); - var chunks = [], gunzip; - if (compress && req.headers['content-encoding'] === 'gzip') { - gunzip = new compress.Gunzip(); - gunzip.init(); - } - req.on('data', function(chunk) { - if (gunzip) - chunk = gunzip.inflate(chunk, 'binary'); - chunks.push(chunk); - }); - req.on('end', function() { - var xml = chunks.join(''); - var result; - var error; - if (gunzip) { - gunzip.end(); - gunzip = null; + if (!req.headers['content-type']) { + res.statusCode = 415; + res.write('The Content-Type is expected in the headers'); + res.end(); + } else { + res.setHeader('Content-Type', req.headers['content-type']); + var chunks = [], gunzip; + if (compress && req.headers['content-encoding'] === 'gzip') { + gunzip = new compress.Gunzip(); + gunzip.init(); } - try { - if (typeof self.log === 'function') { - self.log('received', xml); + req.on('data', function(chunk) { + if (gunzip) + chunk = gunzip.inflate(chunk, 'binary'); + chunks.push(chunk); + }); + req.on('end', function() { + var xml = chunks.join(''); + var result; + var error; + if (gunzip) { + gunzip.end(); + gunzip = null; } - self._process(xml, req, function(result, statusCode) { - if (statusCode) { - res.statusCode = statusCode; + try { + if (typeof self.log === 'function') { + self.log('received', xml); } - res.write(result); + self._process(xml, req, function(result, statusCode) { + if (statusCode) { + res.statusCode = statusCode; + } + res.write(result); + res.end(); + if (typeof self.log === 'function') { + self.log('replied', result); + } + }); + } + catch (err) { + error = err.stack || err; + res.statusCode = 500; + res.write(error); res.end(); if (typeof self.log === 'function') { - self.log('replied', result); + self.log('error', error); } - }); - } - catch (err) { - error = err.stack || err; - res.statusCode = 500; - res.write(error); - res.end(); - if 
(typeof self.log === 'function') { - self.log('error', error); } - } - }); + }); + } } else { res.end(); diff --git a/test/server-test.js b/test/server-test.js index c45e6d4f..6e134280 100644 --- a/test/server-test.js +++ b/test/server-test.js @@ -202,8 +202,8 @@ describe('SOAP Server', function() { body : '' + - ' ' + ' ' + + ' ' + '', headers: {'Content-Type': 'text/xml'} }, function(err, res, body) { @@ -215,6 +215,25 @@ describe('SOAP Server', function() { ); }); + it('should 415 on missing Content-type header', function(done) { + request.post({ + url: test.baseUrl + '/stockquote?wsdl', + body : '' + + ' ' + + ' ' + + '', + headers: {} + }, function(err, res, body) { + assert.ok(!err); + assert.equal(res.statusCode, 415); + assert.equal(body, 'The Content-Type is expected in the headers'); + done(); + } + ); + }); + it('should server up WSDL', function(done) { request(test.baseUrl + '/stockquote?wsdl', function(err, res, body) { if (err) { @@ -360,7 +379,7 @@ describe('SOAP Server', function() { assert.equal(0, parseFloat(result.price)); done(); }, { - soapHeaders: { + soapHeaders: { SomeToken: 123.45 } });
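Review bot: The new guard at the top of the POST branch only tests that `req.headers['content-type']` is present, so any client-chosen value still passes and is copied verbatim into the response by `res.setHeader('Content-Type', req.headers['content-type'])`. If a fault or result ever carries request-derived text, the caller then controls how that response is interpreted; deriving the response type from the SOAP version, or comparing the parsed media type with the types the server supports before continuing, would avoid that, though an allow-list should be checked against clients that legitimately send other types. The 415 body is written without a type of its own, so `res.setHeader('Content-Type', 'text/plain');` before `res.write(...)` would make it unambiguous. The re-indented catch block still sends `err.stack || err` to the client on a 500, which discloses internal paths; logging the stack through `self.log` and returning a generic message would be safer. The enclosing request handler starts and ends outside this hunk.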
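Review bot: The added case `should 415 on missing Content-type header` pins only the absent-header path, so nothing documents what the server does with a header that is present but not a SOAP media type. A sibling case with `headers: {'Content-Type': 'text/html'}` that asserts the intended status and the response `content-type` would record whether echoing arbitrary types is deliberate. Asserting `res.headers['content-type']` in the 415 case as well would catch a regression in how the error body is labelled.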