Merge pull request rails#51247 from Earlopain/fix-51228

rafaelfranca · web-flow · commit 08b49f18eb04 · 2024-03-05T10:18:13.000-05:00
Fix crash for invalid Content-Type in ShowExceptions middleware
diff --git a/actionpack/lib/action_dispatch/middleware/show_exceptions.rb b/actionpack/lib/action_dispatch/middleware/show_exceptions.rb
@@ -67,9 +67,17 @@ def render_exception(request, wrapper)
       def fallback_to_html_format_if_invalid_mime_type(request)
         # If the MIME type for the request is invalid then the @exceptions_app may not
         # be able to handle it. To make it easier to handle, we switch to HTML.
-        request.formats
-      rescue ActionDispatch::Http::MimeNegotiation::InvalidType
-        request.set_header "HTTP_ACCEPT", "text/html"
+        begin
+          request.content_mime_type
+        rescue ActionDispatch::Http::MimeNegotiation::InvalidType
+          request.set_header "CONTENT_TYPE", "text/html"
+        end
+
+        begin
+          request.formats
+        rescue ActionDispatch::Http::MimeNegotiation::InvalidType
+          request.set_header "HTTP_ACCEPT", "text/html"
+        end
       end
 
       def pass_response(status)
diff --git a/railties/test/application/middleware/exceptions_test.rb b/railties/test/application/middleware/exceptions_test.rb
@@ -82,6 +82,7 @@ def not_acceptable
       app_file "config/routes.rb", <<-RUBY
         Rails.application.routes.draw do
           get "/foo", to: "foo#index"
+          post "/foo", to: "foo#index"
           match "/406", to: "foo#not_acceptable", via: :all
         end
       RUBY
@@ -93,6 +94,18 @@ def not_acceptable
       get "/foo", {}, { "HTTP_ACCEPT" => "invalid", "HTTPS" => "on" }
       assert_equal 406, last_response.status
       assert_not_equal "rendering index!", last_response.body
+
+      get "/foo", {}, { "CONTENT_TYPE" => "invalid", "HTTPS" => "on" }
+      assert_equal 406, last_response.status
+      assert_not_equal "rendering index!", last_response.body
+
+      get "/foo", {}, { "HTTP_ACCEPT" => "invalid", "CONTENT_TYPE" => "invalid", "HTTPS" => "on" }
+      assert_equal 406, last_response.status
+      assert_not_equal "rendering index!", last_response.body
+
+      post "/foo", {}, { "HTTP_ACCEPT" => "invalid", "CONTENT_TYPE" => "invalid", "HTTPS" => "on" }
+      assert_equal 406, last_response.status
+      assert_not_equal "rendering index!", last_response.body
     end
 
     test "uses custom exceptions app" do
