Ensure contentDisposition.parse is not parsing undefined values

Signed-off-by: Jeremy Ho <jujaga@gmail.com>
bcgov · Aug 9, 2023 · 07f9fa1 · 07f9fa1
1 parent 7b30ccf
commit 07f9fa1
Showing 1 changed file with 12 additions and 9 deletions.
diff --git a/app/src/middleware/upload.js b/app/src/middleware/upload.js
@@ -17,16 +17,19 @@ const currentUpload = (strict = false) => {
     if (!contentLength) return new Problem(411, { detail: 'Content-Length must be greater than 0' }).send(res);
 
     // Check Content-Disposition Header
-    const disposition = req.get('Content-Disposition');
     let filename;
-    if (strict && !disposition) return new Problem(415, { detail: 'Content-Disposition header missing' }).send(res);
-    try {
-      const { type, parameters } = contentDisposition.parse(disposition);
-      if (strict && !type || type !== 'attachment') return new Error('Disposition type is not \'attachment\'');
-      if (strict && !parameters?.filename) return new Error('Disposition missing \'filename\' parameter');
-      filename = parameters?.filename;
-    } catch (e) {
-      return new Problem(400, { detail: `Content-Disposition header error: ${e.message}` }).send(res);
+    const disposition = req.get('Content-Disposition');
+    if (disposition) {
+      try {
+        const { type, parameters } = contentDisposition.parse(disposition);
+        if (strict && !type || type !== 'attachment') return new Error('Disposition type is not \'attachment\'');
+        if (strict && !parameters?.filename) return new Error('Disposition missing \'filename\' parameter');
+        filename = parameters?.filename;
+      } catch (e) {
+        return new Problem(400, { detail: `Content-Disposition header error: ${e.message}` }).send(res);
+      }
+    } else {
+      if (strict) return new Problem(415, { detail: 'Content-Disposition header missing' }).send(res);
     }
 
     // Check Content-Type Header