From 51a113638075de3a18b84cded04d831d7995f207 Mon Sep 17 00:00:00 2001
From: netkas
Date: Fri, 27 Sep 2024 14:21:08 -0400
Subject: [PATCH] Improve header validation and error messages in RpcHandler
---
 src/Socialbox/Classes/RpcHandler.php | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/src/Socialbox/Classes/RpcHandler.php b/src/Socialbox/Classes/RpcHandler.php
index 22c64bf..810c3d7 100644
--- a/src/Socialbox/Classes/RpcHandler.php
+++ b/src/Socialbox/Classes/RpcHandler.php
@@ -31,10 +31,9 @@ class RpcHandler
 try
 {
 $headers = Utilities::getRequestHeaders();
-
 foreach(StandardHeaders::getRequiredHeaders() as $header)
 {
- if(!isset($headers[$header]))
+ if (!isset($headers[$header]))
 {
 throw new RpcException("Missing required header: $header", 400);
 }
@@ -50,9 +49,9 @@ class RpcHandler
 break;
 case StandardHeaders::CONTENT_TYPE:
- if($headers[$header] !== 'application/json')
+ if(!str_contains($headers[$header], 'application/json'))
 {
- throw new RpcException("Invalid Content-Type header: Expected application/json", 400);
+ throw new RpcException(sprintf("Invalid Content-Type header: Expected application/json, got %s", $headers[$header]), 400);
 }
 break;
@@ -81,7 +80,7 @@ class RpcHandler
 // If no signature is provided, it must be required if the client is providing a Session UUID
 if($clientRequest->getSignature() === null)
 {
- throw new RpcException(sprintf('Unauthorized request, signature required for session based requests', StandardHeaders::SIGNATURE->value), 401);
+ throw new RpcException(sprintf('Unauthorized request, signature required for session based requests'), 401);
 }
 try
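Review bot: The new Content-Type check `!str_contains($headers[$header], 'application/json')` accepts any value that merely contains that substring, for example `text/plain; x=application/json` or `application/json-patch+json`, so a request whose real media type is something else now passes validation. Compare the parsed media type exactly and case-insensitively instead: `$mediaType = strtolower(trim(explode(';', $headers[$header], 2)[0]));` followed by `if($mediaType !== 'application/json')`, which still admits `application/json; charset=utf-8` (presumably the reason for the relaxation). The new message also echoes the client-supplied header value; if RpcException messages are logged or returned to the caller (not visible in this hunk), cap its length and encode it for that sink. The enclosing switch starts and ends outside the hunk.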
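Review bot: In the signature check, `sprintf()` is now called with a format string that has no placeholders and no arguments, so the call does nothing; pass the literal directly, `throw new RpcException('Unauthorized request, signature required for session based requests', 401);`. If the removed `StandardHeaders::SIGNATURE->value` argument was meant to tell the client which header is missing, add a `%s` to the message and keep the argument rather than dropping it. The enclosing method continues outside the hunk.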