Re-write request Content-Type when decoding #24
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Refs #23
This pull request makes it so that applications see
Content-Type: application/json
(instead ofContent-Type: application/x-msgpack
) in requests.The motivation is to make content and
Content-Type
consistent from the point of view of the application, which may do additional consistency checks, eg for security purposes. FastAPI 0.65.2+ has such a check that prevents a CSRF vulnerability when a client sends JSON data withtext/plain
, which is exempted from CSRF checks.Still pondering, but I think this might be an acceptable, perhaps necessary option. The idea behind
msgpack-asgi
is to serve as a "msgpack-to/from-JSON gateway" afterall.cc @einfachTobi — I'd be happy to hear what you think about this. :-)