forked from gitea/gitea
35 lines
1.1 KiB
Go
35 lines
1.1 KiB
Go
|
package middleware
|
||
|
|
||
|
import (
|
||
|
"net/http"
|
||
|
"strings"
|
||
|
)
|
||
|
|
||
|
// AllowContentEncoding enforces a whitelist of request Content-Encoding otherwise responds
|
||
|
// with a 415 Unsupported Media Type status.
|
||
|
func AllowContentEncoding(contentEncoding ...string) func(next http.Handler) http.Handler {
|
||
|
allowedEncodings := make(map[string]struct{}, len(contentEncoding))
|
||
|
for _, encoding := range contentEncoding {
|
||
|
allowedEncodings[strings.TrimSpace(strings.ToLower(encoding))] = struct{}{}
|
||
|
}
|
||
|
return func(next http.Handler) http.Handler {
|
||
|
fn := func(w http.ResponseWriter, r *http.Request) {
|
||
|
requestEncodings := r.Header["Content-Encoding"]
|
||
|
// skip check for empty content body or no Content-Encoding
|
||
|
if r.ContentLength == 0 {
|
||
|
next.ServeHTTP(w, r)
|
||
|
return
|
||
|
}
|
||
|
// All encodings in the request must be allowed
|
||
|
for _, encoding := range requestEncodings {
|
||
|
if _, ok := allowedEncodings[strings.TrimSpace(strings.ToLower(encoding))]; !ok {
|
||
|
w.WriteHeader(http.StatusUnsupportedMediaType)
|
||
|
return
|
||
|
}
|
||
|
}
|
||
|
next.ServeHTTP(w, r)
|
||
|
}
|
||
|
return http.HandlerFunc(fn)
|
||
|
}
|
||
|
}
|