OS-90: ensure all gql calls have check of conten-type, if no - raise 415

sniedzielski · sniedzielski · commit 1c0fbcfd244f · 2025-03-06T15:09:28.000+01:00
diff --git a/openIMIS/openIMIS/views.py b/openIMIS/openIMIS/views.py
@@ -1,5 +1,5 @@
 from django.db import connection, transaction
-from django.http import HttpResponseNotAllowed
+from django.http import HttpResponseNotAllowed, HttpResponse
 from django.http.response import HttpResponseBadRequest
 from .dataloaders import get_dataloaders
 from . import tracer
@@ -86,6 +86,11 @@ def parse_body(self, request):
     def execute_graphql_request(
         self, request, data, query, variables, operation_name, show_graphiql=False
     ):
+        if not request or getattr(request, "content_type", "") != "application/json":
+            raise HttpError(HttpResponse(
+                "Unsupported Media Type: The server only accepts application/json requests.",
+                status=415,
+            ))
         if not query:
             if show_graphiql:
                 return None
