diff options
author | Ed Tanous <edtanous@google.com> | 2023-06-08 02:38:08 +0300 |
---|---|---|
committer | Ed Tanous <ed@tanous.net> | 2023-06-12 23:27:12 +0300 |
commit | db39802be1aa76d11b6d9d83443842aee9f7409e (patch) | |
tree | abe6c56ace1f20047a8fa6faf838d4e6b18e9378 /meson_options.txt | |
parent | 32cdb4a78399fec17442dc2cd36b2e57382475a3 (diff) | |
download | bmcweb-db39802be1aa76d11b6d9d83443842aee9f7409e.tar.xz |
Require content-type by default
Per the input-validation rules that we follow[1], we should ALWAYS be
checking to see that there's a valid content type.
Change the default.
Tested: Only a default change, code compiles.
[1] https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html
Change-Id: I4cd58a5d2fb0a49671fc5ec0398010036c743591
Signed-off-by: Ed Tanous <edtanous@google.com>
Diffstat (limited to 'meson_options.txt')
-rw-r--r-- | meson_options.txt | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/meson_options.txt b/meson_options.txt index 31095007f0..c1beb25e69 100644 --- a/meson_options.txt +++ b/meson_options.txt @@ -318,7 +318,7 @@ option( option( 'insecure-ignore-content-type', type: 'feature', - value: 'enabled', + value: 'disabled', description: '''Allows parsing PUT/POST/PATCH content as JSON regardless of the presence of the content-type header. Enabling this conflicts with the input parsing guidelines, but may be |