Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: handle whitespace in HTTP Accept header #12292

Conversation

aloisklink
Copy link
Contributor

Currently, using something like Accept: application/my-custom-type,application/json;q=0.9 correctly returns errors as JSON. However, once you add a space to it, e.g. like Accept: application/my-custom-type, application/json;q=0.9, any errors messages returned use HTML instead of JSON.

The HTTP Accept: header, according to RFC 9110

According to RFC 9110, in the HTTP Accept header, there can be OWS (optional whitespace, e.g. zero to unlimited SP (space) or HTAB (horizontal tab)) between the ; and , characters.

If you go to RFC 9110 § 12.5.1 Accept ¶ 3:

  Accept = #( media-range [ weight ] )

  media-range    = ( "*/*"
                     / ( type "/" "*" )
                     / ( type "/" subtype )
                   ) parameters

Where #() is defined as a list, see RFC 9110 § 5.6.1.2 ¶ 2

  #element => [ element ] *( OWS "," OWS [ element ] )

and where OWS is defined in RFC 9110 § 5.6.3 Whitespace ¶ 7 as:

  OWS            = *( SP / HTAB )
                 ; optional whitespace

and where weight is defined as RFC 9110 § 12.4.2 Quality Values ¶ 3 as:

  weight = OWS ";" OWS "q=" qvalue
  qvalue = ( "0" [ "." 0*3DIGIT ] )
         / ( "1" [ "." 0*3("0") ] )

Please don't delete this checklist! Before submitting the PR, please make sure you do the following:

  • It's really useful if your PR references an issue where it is discussed ahead of time. In many cases, features are absent for a reason. For large changes, please create an RFC: https://github.com/sveltejs/rfcs
    • I couldn't find a relevant issue for this, but this bug is pretty minor.
  • This message body should clearly illustrate what problems it solves.
  • Ideally, include a test that fails without this PR but passes with it.

Tests

  • Run the tests with pnpm test and lint the project with pnpm lint and pnpm check

Changesets

  • If your PR makes a change that should be noted in one or more packages' changelogs, generate a changeset by running pnpm changeset and following the prompts. Changesets that add features should be minor and those that fix bugs should be patch. Please prefix changeset messages with feat:, fix:, or chore:.

Edits

  • Please ensure that 'Allow edits from maintainers' is checked. PRs without this option may be closed.

According to [RFC 9110][1], in the HTTP Accept header, there can be OWS
(optional whitespace, e.g. zero to unlimited SP (space) or HTAB
(horizontal tab)) between the `;` and `,` characters.

Without this fix, clients that pass something like
`Accept: application/my-custom-type, application/json;q=0.9` return HTML
error messages instead of JSON.

[1]: https://www.rfc-editor.org/rfc/rfc9110
Copy link

changeset-bot bot commented Jun 2, 2024

🦋 Changeset detected

Latest commit: 5dd89e0

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
@sveltejs/kit Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@benmccann benmccann changed the title fix(kit): handle whitespace in HTTP Accept header fix: handle whitespace in HTTP Accept header Jun 4, 2024
@benmccann benmccann merged commit 0a0e9aa into sveltejs:main Jun 7, 2024
12 checks passed
@github-actions github-actions bot mentioned this pull request Jun 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants