From 1cd70d1e875c2331d8a3c57aa8b0fd7267a63973 Mon Sep 17 00:00:00 2001
From: Liam Mitchell <liam.mitchell@epicgames.com>
Date: Wed, 4 Mar 2026 17:52:54 -0800
Subject: Allow requests with invalid content-types unless specified in command
 line or config

---
 src/zenserver/storage/storageconfig.cpp | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'src/zenserver/storage/storageconfig.cpp')

diff --git a/src/zenserver/storage/storageconfig.cpp b/src/zenserver/storage/storageconfig.cpp
index 0f8ab1e98..99d0f89d7 100644
--- a/src/zenserver/storage/storageconfig.cpp
+++ b/src/zenserver/storage/storageconfig.cpp
@@ -496,6 +496,7 @@ ZenStorageServerConfigurator::AddConfigOptions(LuaConfig::Options& LuaOptions)
 	LuaOptions.AddOption("security.encryptionaeskey"sv, ServerOptions.EncryptionKey, "encryption-aes-key"sv);
 	LuaOptions.AddOption("security.encryptionaesiv"sv, ServerOptions.EncryptionIV, "encryption-aes-iv"sv);
 	LuaOptions.AddOption("security.openidproviders"sv, ServerOptions.AuthConfig);
+	LuaOptions.AddOption("security.restrictcontenttypes"sv, ServerOptions.RestrictContentTypes, "restrict-content-types"sv);
 
 	////// workspaces
 	LuaOptions.AddOption("workspaces.enabled"sv, ServerOptions.WorksSpacesConfig.Enabled, "workspaces-enabled"sv);
@@ -649,6 +650,12 @@ ZenStorageServerCmdLineOptions::AddSecurityOptions(cxxopts::Options& options, Ze
 
 	options.add_option("security", "", "openid-provider-url", "Open ID provider URL", cxxopts::value<std::string>(OpenIdProviderUrl), "");
 	options.add_option("security", "", "openid-client-id", "Open ID client ID", cxxopts::value<std::string>(OpenIdClientId), "");
+	options.add_option("security",
+					   "",
+					   "restrict-content-types",
+					   "Restrict content-type in requests to content-types that are not allowed in CORS simple requests",
+					   cxxopts::value<bool>(ServerOptions.RestrictContentTypes),
+					   "");
 }
 
 void
-- 
cgit v1.2.3