actionpack/test/dispatch/show_exceptions_test.rb · v6.0.2.rc1 · Rails relative code / rails-deleted-2

Mar 25, 2019

Add the `Mime::Type::InvalidMimeType` error in the default rescue_response: · 378b4fed

Edouard CHIN authored Mar 25, 2019

- https://github.com/rails/rails/pull/35604 introduced a vulnerability fix
  to raise an error in case the `HTTP_ACCEPT` headers contains malformated
  mime type.

  This will cause applications to throw a 500 if a User Agent sends an
  invalid header.

  This PR adds the `InvalidMimeType` in the default `rescue_responses` from
  the ExceptionWrapper and will return a 406. I looked up the HTTP/1.1
  RFC and it doesn't stand what should be returned when the UA
  sends malformated mime type. Decided to get 406 as it seemed to be the
  status the better suited for this.

378b4fed

Add the `Mime::Type::InvalidMimeType` error in the default rescue_response:

Edouard CHIN authored Mar 25, 2019

- https://github.com/rails/rails/pull/35604 introduced a vulnerability fix
  to raise an error in case the `HTTP_ACCEPT` headers contains malformated
  mime type.

  This will cause applications to throw a 500 if a User Agent sends an
  invalid header.

  This PR adds the `InvalidMimeType` in the default `rescue_responses` from
  the ExceptionWrapper and will return a 406. I looked up the HTTP/1.1
  RFC and it doesn't stand what should be returned when the UA
  sends malformated mime type. Decided to get 406 as it seemed to be the
  status the better suited for this.