swarm/api/http: Content-Type validation (ethersphere#527)

swarm/api/http/server.go

@@ -252,9 +252,9 @@ func (s *Server) HandlePostRaw(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	if _, err := api.ValidateContentTypeHeader(r); err != nil {
+	if r.Header.Get("Content-Length") == "" {
 		postRawFail.Inc(1)
-		RespondError(w, r, err.Error(), http.StatusBadRequest)
+		RespondError(w, r, "missing Content-Length header in request", http.StatusBadRequest)
 		return
 	}
 
@@ -282,7 +282,14 @@ func (s *Server) HandlePostFiles(w http.ResponseWriter, r *http.Request) {
 	log.Debug("handle.post.files", "ruid", ruid)
 	postFilesCount.Inc(1)
 
-	contentType, params, err := mime.ParseMediaType(r.Header.Get("Content-Type"))
+	contentType, err := api.ValidateContentTypeHeader(r)
+	if err != nil {
+		postFilesFail.Inc(1)
+		RespondError(w, r, err.Error(), http.StatusBadRequest)
+		return
+	}
+
+	contentType, params, err := mime.ParseMediaType(contentType)
 	if err != nil {
 		postFilesFail.Inc(1)
 		RespondError(w, r, err.Error(), http.StatusBadRequest)

swarm/api/http/server_test.go

@@ -1120,7 +1120,7 @@ func TestModify(t *testing.T) {
 			res, body := httpDo(testCase.method, testCase.uri, reqBody, testCase.headers, testCase.verbose, t)
 
 			if res.StatusCode != testCase.expectedStatusCode {
-				t.Fatalf("expected status code %d but got %d", testCase.expectedStatusCode, res.StatusCode)
+				t.Fatalf("expected status code %d but got %d, %s", testCase.expectedStatusCode, res.StatusCode, body)
 			}
 			if testCase.assertResponseBody != "" && !strings.Contains(body, testCase.assertResponseBody) {
 				t.Log(body)