Merge pull request #752 from ue-foundation/lm/restrict-content-type

Restrict content-type on POST requests to compact binary or JSON
author: Liam Mitchell <[email protected]> 2026-03-09 19:45:28 -0700
committer: GitHub Enterprise <[email protected]> 2026-03-09 19:45:28 -0700
commit: 1cdea42adf7ade0e1950c69bdef2ebf6832fdc59 (patch)
tree: f49a67466d076930541c9d9e0fffeb4bc73a463f /src/zenserver/storage/storageconfig.cpp
parent: Merge pull request #710 from ue-foundation/lm/oidctoken-exe-path (diff)
parent: Merge branch 'main' into lm/restrict-content-type (diff)
download: zen-1cdea42adf7ade0e1950c69bdef2ebf6832fdc59.tar.xz
zen-1cdea42adf7ade0e1950c69bdef2ebf6832fdc59.zip
1 files changed, 7 insertions, 0 deletions
diff --git a/src/zenserver/storage/storageconfig.cpp b/src/zenserver/storage/storageconfig.cpp
index 1554c9e51..e8ccb9097 100644
--- a/src/zenserver/storage/storageconfig.cpp
+++ b/src/zenserver/storage/storageconfig.cpp
@@ -496,6 +496,7 @@ ZenStorageServerConfigurator::AddConfigOptions(LuaConfig::Options& LuaOptions)
 	LuaOptions.AddOption("security.encryptionaeskey"sv, ServerOptions.EncryptionKey, "encryption-aes-key"sv);
 	LuaOptions.AddOption("security.encryptionaesiv"sv, ServerOptions.EncryptionIV, "encryption-aes-iv"sv);
 	LuaOptions.AddOption("security.openidproviders"sv, ServerOptions.AuthConfig);
+	LuaOptions.AddOption("security.restrictcontenttypes"sv, ServerOptions.RestrictContentTypes, "restrict-content-types"sv);
 	LuaOptions.AddOption("security.oidctokenexecutable"sv, ServerOptions.OidcTokenExecutable, "oidctoken-exe-path"sv);
 	LuaOptions.AddOption("security.allowexternaloidctokenexecutable"sv,
 						 ServerOptions.AllowExternalOidcTokenExe,
@@ -655,6 +656,12 @@ ZenStorageServerCmdLineOptions::AddSecurityOptions(cxxopts::Options& options, Ze
 	options.add_option("security", "", "openid-client-id", "Open ID client ID", cxxopts::value<std::string>(OpenIdClientId), "");
 	options.add_option("security",
 					   "",
+					   "restrict-content-types",
+					   "Restrict content-type in requests to content-types that are not allowed in CORS simple requests",
+					   cxxopts::value<bool>(ServerOptions.RestrictContentTypes),
+					   "");
+	options.add_option("security",
+					   "",
 					   "oidctoken-exe-path",
 					   "Path to OidcToken executable",
 					   cxxopts::value<std::string>(OidcTokenExecutable),
author	Liam Mitchell <[email protected]>	2026-03-09 19:45:28 -0700
committer	GitHub Enterprise <[email protected]>	2026-03-09 19:45:28 -0700
commit	1cdea42adf7ade0e1950c69bdef2ebf6832fdc59 (patch)
tree	f49a67466d076930541c9d9e0fffeb4bc73a463f /src/zenserver/storage/storageconfig.cpp
parent	Merge pull request #710 from ue-foundation/lm/oidctoken-exe-path (diff)
parent	Merge branch 'main' into lm/restrict-content-type (diff)
download	zen-1cdea42adf7ade0e1950c69bdef2ebf6832fdc59.tar.xz zen-1cdea42adf7ade0e1950c69bdef2ebf6832fdc59.zip