Require content-type by default

Per the input-validation rules that we follow[1], we should ALWAYS be checking to see that there's a valid content type. Change the default. Tested: Only a default change, code compiles. [1] https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html Change-Id: I4cd58a5d2fb0a49671fc5ec0398010036c743591 Signed-off-by: Ed Tanous <edtanous@google.com>
author: Ed Tanous <edtanous@google.com> 2023-06-08 02:38:08 +0300
committer: Ed Tanous <ed@tanous.net> 2023-06-12 23:27:12 +0300
commit: db39802be1aa76d11b6d9d83443842aee9f7409e (patch)
tree: abe6c56ace1f20047a8fa6faf838d4e6b18e9378 /meson_options.txt
parent: 32cdb4a78399fec17442dc2cd36b2e57382475a3 (diff)
download: bmcweb-db39802be1aa76d11b6d9d83443842aee9f7409e.tar.xz
1 files changed, 1 insertions, 1 deletions
diff --git a/meson_options.txt b/meson_options.txt
index 31095007f0..c1beb25e69 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -318,7 +318,7 @@ option(
 option(
     'insecure-ignore-content-type',
     type: 'feature',
-    value: 'enabled',
+    value: 'disabled',
     description: '''Allows parsing PUT/POST/PATCH content as JSON regardless
                     of the presence of the content-type header.  Enabling this
                     conflicts with the input parsing guidelines, but may be
author	Ed Tanous <edtanous@google.com>	2023-06-08 02:38:08 +0300
committer	Ed Tanous <ed@tanous.net>	2023-06-12 23:27:12 +0300
commit	db39802be1aa76d11b6d9d83443842aee9f7409e (patch)
tree	abe6c56ace1f20047a8fa6faf838d4e6b18e9378 /meson_options.txt
parent	32cdb4a78399fec17442dc2cd36b2e57382475a3 (diff)
download	bmcweb-db39802be1aa76d11b6d9d83443842aee9f7409e.tar.xz