Skip to content

Commit

Permalink
fix: add error handling for attempts to access pages with content-typ…
Browse files Browse the repository at this point in the history
…e other than json (TYPO3-Headless#319)
  • Loading branch information
mateusznarowski committed Nov 7, 2023
1 parent bf64350 commit ca3e006
Showing 1 changed file with 9 additions and 0 deletions.
9 changes: 9 additions & 0 deletions lib/lib/context.js
Original file line number Diff line number Diff line change
Expand Up @@ -108,6 +108,15 @@ async function contextMiddleware (context) {
const response = await app.$typo3.api.getPage(path)
const { data } = response

if (path.startsWith('/typo3')) {
return setErrorContext(context, { response: { status: 403, message: 'The /typo3 subpage is restricted and unavailable for use.' } })
}

const contentType = response.headers['content-type']
if (contentType && !contentType.includes('application/json')) {
return setErrorContext(context, { response: { status: 415, message: 'Unsupported content-type: \'application/json\' expected.' } })
}

if (context.res) {
setResponseHeaders(context, response.headers)
}
Expand Down

0 comments on commit ca3e006

Please sign in to comment.