Skip to content

Fix: enforce Content-Type header via middleware with tests#735

Open
coderTanisha22 wants to merge 1 commit intoaiondemand:developfrom
coderTanisha22:fix-content-type-middleware
Open

Fix: enforce Content-Type header via middleware with tests#735
coderTanisha22 wants to merge 1 commit intoaiondemand:developfrom
coderTanisha22:fix-content-type-middleware

Conversation

@coderTanisha22
Copy link

@coderTanisha22 coderTanisha22 commented Mar 19, 2026

Change(s)

Change Type: Fixed

Change Category: Internal

Changelog Entry:
Fix silent failure when 'Content-Type' header is missing for JSON requests.

Added a global middleware that validates the 'Content-Type' header for POST, PUT, and PATCH requests with a request body. If the header is missing or does not include 'application/json', the API now returns a '415 Unsupported Media Type' response instead of silently accepting the request.

The implementation ensures compatibility by:

  • Skipping validation for documentation endpoints ('/docs', '/openapi.json', '/redoc')
  • Allowing multipart/form-data endpoints (e.g. organisation image uploads)
  • Only enforcing validation when a request body is present

How to Test

  • Send a POST/PUT/PATCH request with a JSON body but without the 'Content-Type: application/json' header → should return '415'
  • Send the same request with a valid 'Content-Type' → should succeed
  • Verify that:
    • '/docs', '/openapi.json', '/redoc' still work
    • Multipart upload endpoint ('/organisations/{identifier}/image') is not blocked

Automated tests have been added to cover these scenarios.

Checklist

  • Tests have been added or updated to reflect the changes
  • Documentation has been added or updated to reflect the changes (not required for this change)
  • A self-review has been conducted
  • All CI checks pass before pinging a reviewer (will monitor CI after submission)
  • The PR title matches the changelog entry's one-line description

Related Issues

Closes #622

@coderTanisha22
Copy link
Author

coderTanisha22 commented Mar 19, 2026

Hi @PGijsbers , I’ve implemented a fix for this issue.

The solution introduces a global middleware that validates the 'Content-Type' header for POST, PUT, and PATCH requests with a request body, returning a 415 response when it is missing or invalid.

I’ve also added isolated tests covering edge cases and ensuring compatibility with multipart and documentation endpoints.

Would appreciate your review and any feedback. Thanks!

@coderTanisha22 coderTanisha22 deleted the fix-content-type-middleware branch March 19, 2026 20:40
@coderTanisha22 coderTanisha22 restored the fix-content-type-middleware branch March 19, 2026 20:46
@coderTanisha22
Copy link
Author

coderTanisha22 commented Mar 19, 2026

Reopened the PR after accidentally deleting and restoring the branch.
No changes to the implementation, just restoring the previous state.
@PGijsbers Would appreciate a review when you get time. Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Missing the content-type header fails silently

1 participant

@coderTanisha22