The Content-Type: header is not set correctly

[zip609]

Hello. I discovered a small issue that seems to be related to the fact that when the request body is assembled, the Content-Type header is set to application/x-www-form-urlencoded, which may overwrite any preset Content-Type headers passed via the command line.

To solve this problem, we can modify the setup_request_body method so that it checks if the Content-Type header has already been set before setting the default value. If Content-Type is already set, we won't override it.

Here is the proposed updated setup_request_body method:

fn setup_request_body(
    &self,
    creds: &Credentials,
    csrf: Option<csrf::Token>,
    mut request: RequestBuilder,
) -> RequestBuilder {
    let mut do_body = true;
    if self.strategy == Strategy::BasicAuth {
        // set basic authentication data
        request = request.basic_auth(&creds.username, Some(&creds.password));
    } else if self.strategy == Strategy::Form {
        // set form data
        let fields = payload::parse_fields(self.payload.as_ref(), creds).unwrap();
        let mut form = multipart::Form::new();
        for (key, value) in fields {
            form = form.text(key, value);
        }

        // handle csrf
        if let Some(token) = csrf.as_ref() {
            form = form.text(token.name.clone(), token.value.clone());
        }

        request = request.multipart(form);

        // we already added the --http-body value as fields
        do_body = false;
    }

    // do we have any fields left to add?
    if do_body && self.payload.is_some() {
        if method_requires_payload(&self.method) {
            // add as body
            let mut body = payload::parse_body(self.payload.as_ref(), creds).unwrap();

            // handle csrf
            if let Some(token) = csrf.as_ref() {
                body.push_str(&format!("&{}={}", token.name, token.value));
            }

            request = request.body(body);
            // Check if Content-Type is set already, if not set default
            if !self.headers.contains_key("Content-Type") {
                request = request.header("Content-Type", "application/x-www-form-urlencoded");
            }
        } else {
            // add as query string
            let mut query = payload::parse_fields(self.payload.as_ref(), creds).unwrap();

            // handle csrf
            if let Some(token) = csrf.as_ref() {
                query.push((token.name.clone(), token.value.clone()));
            }

            request = request.query(&query);
        }
    }

    request
}

Notice the section of code that sets the Content-Type header. It now checks if self.headers already contains a Content-Type header. If it does not contain it, it sets the default value. Have a good day.

[evilsocket]

very nice catch! thank you so much ... i've added your fix and credited you in the comment ... next time send a PR so you'll be included in the authors list ^_^

[zip609]

Greetings. Thank you. I don’t know how appropriate this is, I would like to make one proposal to you, this concerns some modification of your application to suit my needs (for a fee). If you are considering something like this, please contact me on Telegram @Zips609