fix: return a 415 if the call has no Content-Type in the headers

Signed-off-by: François Cabrol <[email protected]>

Author: francois-spectre

src/server.js

@@ -81,50 +81,56 @@ class Server extends Base {
       }
       res.end();
     } else if (req.method === 'POST') {
-      res.setHeader('Content-Type', req.headers['content-type']);
-      var chunks = [], gunzip;
-      if (compress && req.headers['content-encoding'] === 'gzip') {
-        gunzip = new compress.Gunzip();
-        gunzip.init();
-      }
-      req.on('data', function(chunk) {
-        if (gunzip)
-          chunk = gunzip.inflate(chunk, 'binary');
-        chunks.push(chunk);
-      });
-      req.on('end', function() {
-        var xml = chunks.join('');
-        var result;
-        var error;
-        if (gunzip) {
-          gunzip.end();
-          gunzip = null;
+      if (!req.headers['content-type']) {
+        res.statusCode = 415;
+        res.write('The Content-Type is expected in the headers');
+        res.end();
+      } else {
+        res.setHeader('Content-Type', req.headers['content-type']);
+        var chunks = [], gunzip;
+        if (compress && req.headers['content-encoding'] === 'gzip') {
+          gunzip = new compress.Gunzip();
+          gunzip.init();
         }
-        try {
-          if (typeof self.log === 'function') {
-            self.log('received', xml);
+        req.on('data', function(chunk) {
+          if (gunzip)
+            chunk = gunzip.inflate(chunk, 'binary');
+          chunks.push(chunk);
+        });
+        req.on('end', function() {
+          var xml = chunks.join('');
+          var result;
+          var error;
+          if (gunzip) {
+            gunzip.end();
+            gunzip = null;
           }
-          self._process(xml, req, function(result, statusCode) {
-            if (statusCode) {
-              res.statusCode = statusCode;
+          try {
+            if (typeof self.log === 'function') {
+              self.log('received', xml);
             }
-            res.write(result);
+            self._process(xml, req, function(result, statusCode) {
+              if (statusCode) {
+                res.statusCode = statusCode;
+              }
+              res.write(result);
+              res.end();
+              if (typeof self.log === 'function') {
+                self.log('replied', result);
+              }
+            });
+          }
+          catch (err) {
+            error = err.stack || err;
+            res.statusCode = 500;
+            res.write(error);
             res.end();
             if (typeof self.log === 'function') {
-              self.log('replied', result);
+              self.log('error', error);
             }
-          });
-        }
-        catch (err) {
-          error = err.stack || err;
-          res.statusCode = 500;
-          res.write(error);
-          res.end();
-          if (typeof self.log === 'function') {
-            self.log('error', error);
           }
-        }
-      });
+        });
+      }
     }
     else {
       res.end();

test/server-test.js

@@ -202,8 +202,8 @@ describe('SOAP Server', function() {
         body : '<soapenv:Envelope' +
                     ' xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"' +
                     ' xmlns:soap="http://service.applicationsnet.com/soap/">' +
-                '  <soapenv:Header/>' +
                 '  <soapenv:Body>' +
+      '  <soapenv:Header/>' +
                 '</soapenv:Envelope>',
         headers: {'Content-Type': 'text/xml'}
       }, function(err, res, body) {
@@ -215,6 +215,25 @@ describe('SOAP Server', function() {
     );
   });
 
+  it('should 415 on missing Content-type header', function(done) {
+    request.post({
+        url: test.baseUrl + '/stockquote?wsdl',
+        body : '<soapenv:Envelope' +
+                    ' xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"' +
+                    ' xmlns:soap="http://service.applicationsnet.com/soap/">' +
+                '  <soapenv:Header/>' +
+                '  <soapenv:Body>' +
+                '</soapenv:Envelope>',
+        headers: {}
+      }, function(err, res, body) {
+        assert.ok(!err);
+        assert.equal(res.statusCode, 415);
+        assert.equal(body, 'The Content-Type is expected in the headers');
+        done();
+      }
+    );
+  });
+
   it('should server up WSDL', function(done) {
     request(test.baseUrl + '/stockquote?wsdl', function(err, res, body) {
       if (err) {
@@ -360,7 +379,7 @@ describe('SOAP Server', function() {
         assert.equal(0, parseFloat(result.price));
         done();
       }, {
-        soapHeaders: { 
+        soapHeaders: {
           SomeToken: 123.45
         }
       });