From db39802be1aa76d11b6d9d83443842aee9f7409e Mon Sep 17 00:00:00 2001 From: Ed Tanous Date: Wed, 7 Jun 2023 16:38:08 -0700 Subject: Require content-type by default Per the input-validation rules that we follow[1], we should ALWAYS be checking to see that there's a valid content type. Change the default. Tested: Only a default change, code compiles. [1] https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html Change-Id: I4cd58a5d2fb0a49671fc5ec0398010036c743591 Signed-off-by: Ed Tanous
---
meson_options.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'meson_options.txt')
diff --git a/meson_options.txt b/meson_options.txt
index 31095007f0..c1beb25e69 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -318,7 +318,7 @@ option(
 option(
 'insecure-ignore-content-type',
 type: 'feature',
- value: 'enabled',
+ value: 'disabled',
 description: '''Allows parsing PUT/POST/PATCH content as JSON regardless of the presence of the content-type header. Enabling this conflicts with the input parsing guidelines, but may be
-- cgit v1.2.3
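Review bot: The new default at `value: 'disabled'` only applies where the option has not already been set, so the stricter check may not reach every build: Meson keeps option values in an already-configured build directory, and any packaging recipe that passes `-Dinsecure-ignore-content-type=enabled` keeps the permissive behaviour. The commit's test note covers compilation only, so it would be worth confirming on a fresh build that a PUT/POST/PATCH body sent without a content-type header is no longer parsed as JSON. I would also add a comment above the option, such as `# Default 'disabled': request bodies are parsed as JSON only when a content-type header is present.`, so the secure default is stated next to the `insecure-` name. The option block continues past the end of this hunk.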