Merge pull request #2892 from dunglas/use-415

A faulty Content-Type should return the 415 status code, not 406

Author: teohhanhui

features/security/validate_incoming_content-types.feature

@@ -11,6 +11,6 @@ Feature: Validate incoming content type
     """
     something
     """
-    Then the response status code should be 406
+    Then the response status code should be 415
     And the header "Content-Type" should be equal to "application/ld+json; charset=utf-8"
     And the JSON node "hydra:description" should be equal to 'The content-type "text/plain" is not supported. Supported MIME types are "application/ld+json", "application/hal+json", "application/vnd.api+json", "application/xml", "text/xml", "application/json", "text/html".'

src/EventListener/DeserializeListener.php

@@ -22,7 +22,7 @@
 use ApiPlatform\Core\Util\RequestAttributesExtractor;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
-use Symfony\Component\HttpKernel\Exception\NotAcceptableHttpException;
+use Symfony\Component\HttpKernel\Exception\UnsupportedMediaTypeHttpException;
 use Symfony\Component\Serializer\Normalizer\AbstractNormalizer;
 use Symfony\Component\Serializer\SerializerInterface;
 
@@ -65,6 +65,8 @@ public function __construct(SerializerInterface $serializer, SerializerContextBu
 
     /**
      * Deserializes the data sent in the requested format.
+     *
+     * @throws UnsupportedMediaTypeHttpException
      */
     public function onKernelRequest(GetResponseEvent $event): void
     {
@@ -104,7 +106,7 @@ public function onKernelRequest(GetResponseEvent $event): void
     /**
      * Extracts the format from the Content-Type header and check that it is supported.
      *
-     * @throws NotAcceptableHttpException
+     * @throws UnsupportedMediaTypeHttpException
      */
     private function getFormat(Request $request): string
     {
@@ -113,7 +115,7 @@ private function getFormat(Request $request): string
          */
         $contentType = $request->headers->get('CONTENT_TYPE');
         if (null === $contentType) {
-            throw new NotAcceptableHttpException('The "Content-Type" header must exist.');
+            throw new UnsupportedMediaTypeHttpException('The "Content-Type" header must exist.');
         }
 
         $format = $this->formatMatcher->getFormat($contentType);
@@ -125,7 +127,7 @@ private function getFormat(Request $request): string
                 }
             }
 
-            throw new NotAcceptableHttpException(sprintf(
+            throw new UnsupportedMediaTypeHttpException(sprintf(
                 'The content-type "%s" is not supported. Supported MIME types are "%s".',
                 $contentType,
                 implode('", "', $supportedMimeTypes)

tests/EventListener/DeserializeListenerTest.php

@@ -23,7 +23,7 @@
 use Prophecy\Argument;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
-use Symfony\Component\HttpKernel\Exception\NotAcceptableHttpException;
+use Symfony\Component\HttpKernel\Exception\UnsupportedMediaTypeHttpException;
 use Symfony\Component\Serializer\Normalizer\AbstractNormalizer;
 use Symfony\Component\Serializer\SerializerInterface;
 
@@ -227,7 +227,7 @@ public function testContentNegotiation()
 
     public function testNotSupportedContentType()
     {
-        $this->expectException(NotAcceptableHttpException::class);
+        $this->expectException(UnsupportedMediaTypeHttpException::class);
         $this->expectExceptionMessage('The content-type "application/rdf+xml" is not supported. Supported MIME types are "application/ld+json", "text/xml".');
 
         $eventProphecy = $this->prophesize(GetResponseEvent::class);
@@ -257,7 +257,7 @@ public function testNotSupportedContentType()
 
     public function testNoContentType()
     {
-        $this->expectException(NotAcceptableHttpException::class);
+        $this->expectException(UnsupportedMediaTypeHttpException::class);
         $this->expectExceptionMessage('The "Content-Type" header must exist.');
 
         $eventProphecy = $this->prophesize(GetResponseEvent::class);