From 4fe30bf5ade8849bb3971a0edad95d17d99e8778 Mon Sep 17 00:00:00 2001
From: bas-vk
Date: Thu, 9 Nov 2017 10:54:58 +0100
Subject: [PATCH] rpc: check content-type for HTTP requests (#15220)
---
 rpc/http.go | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/rpc/http.go b/rpc/http.go
index 4143e2a8dc..3f572b34c0 100644
--- a/rpc/http.go
+++ b/rpc/http.go
@@ -23,6 +23,7 @@ import (
 "fmt"
 "io"
 "io/ioutil"
+ "mime"
 "net"
 "net/http"
 "sync"
@@ -151,6 +152,16 @@ func (srv *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 http.StatusRequestEntityTooLarge)
 return
 }
+
+ ct := r.Header.Get("content-type")
+ mt, _, err := mime.ParseMediaType(ct)
+ if err != nil || mt != "application/json" {
+ http.Error(w,
+ "invalid content type, only application/json is supported",
+ http.StatusUnsupportedMediaType)
+ return
+ }
+
+
 w.Header().Set("content-type", "application/json")
 // create a codec that reads direct from the request body until
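Review bot: The new content-type check in ServeHTTP has no comment saying why it exists, and the diffstat lists only rpc/http.go, so no test pins the 415 path. It looks like a cross-origin defence, since a browser can POST `text/plain` or form-encoded bodies to another origin without a CORS preflight while `application/json` forces one; the commit message does not say so, so confirm with the author. If that is the intent, add above `ct := r.Header.Get("content-type")` the comment `// Only accept application/json: other media types can be sent cross-origin by a browser without a CORS preflight.` The comment should also state that this is not authentication, because a non-browser client can set any header, so access control for the endpoint still has to come from the listener address and the CORS configuration. As a style point, `"application/json"` now appears three times in this hunk and would read better as one package constant; ServeHTTP begins and ends outside the hunk, so how requests without a body are handled is not visible here.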