Require content-type by default Per the input-validation rules that we follow[1], we should ALWAYS be checking to see that there's a valid content type. Change the default. Tested: Only a default change, code compiles. [1] https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html Change-Id: I4cd58a5d2fb0a49671fc5ec0398010036c743591 Signed-off-by: Ed Tanous <edtanous@google.com>

commit: db39802be1aa76d11b6d9d83443842aee9f7409e [log] [tgz]
author: Ed Tanous <edtanous@google.com> Wed Jun 07 16:38:08 2023 -0700
committer: Ed Tanous <ed@tanous.net> Mon Jun 12 20:27:12 2023 +0000
tree: abe6c56ace1f20047a8fa6faf838d4e6b18e9378
parent: 32cdb4a78399fec17442dc2cd36b2e57382475a3 [diff]
diff --git a/meson_options.txt b/meson_options.txt
index 3109500..c1beb25 100644
--- a/meson_options.txt
+++ b/meson_options.txt

@@ -318,7 +318,7 @@
 option(
     'insecure-ignore-content-type',
     type: 'feature',
-    value: 'enabled',
+    value: 'disabled',
     description: '''Allows parsing PUT/POST/PATCH content as JSON regardless
                     of the presence of the content-type header.  Enabling this
                     conflicts with the input parsing guidelines, but may be
commit	db39802be1aa76d11b6d9d83443842aee9f7409e	[log] [tgz]
author	Ed Tanous <edtanous@google.com>	Wed Jun 07 16:38:08 2023 -0700
committer	Ed Tanous <ed@tanous.net>	Mon Jun 12 20:27:12 2023 +0000
tree	abe6c56ace1f20047a8fa6faf838d4e6b18e9378
parent	32cdb4a78399fec17442dc2cd36b2e57382475a3 [diff]