Merge pull request #51 from sapcc/dont-read-json-from-non-json-requests

Don't read JSON from request of non application/json content-type
sapcc · Sep 7, 2021 · e68e22c · e68e22c
2 parents f791740 + 9e4ec96
commit e68e22c
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/auditmiddleware/_api.py b/auditmiddleware/_api.py
@@ -381,7 +381,8 @@ def _create_events(self, target_project, res_id,
                 # which contains a list of items
                 res_pl = res_payload[res_spec.type_name]
                 req_pl = None
-                if self._payloads_enabled and res_spec.payloads['enabled']:
+                if self._payloads_enabled and res_spec.payloads['enabled'] \
+                        and request.content_type == 'application/json':
                     req_pl = iter(request.json.get(res_spec.type_name))
 
                 # create one event per item
@@ -435,7 +436,8 @@ def _create_events(self, target_project, res_id,
 
             if event and request.method[0] == 'P' \
                     and self._payloads_enabled \
-                    and res_spec.payloads['enabled']:
+                    and res_spec.payloads['enabled'] \
+                    and request.content_type == 'application/json':
                 self._attach_payload(event, request.json, res_spec)
 
             events = [event]