Priority
Medium — request parsing correctness and clearer generated runtime behavior.
Context
runtime/app/backend.go detects multipart action requests with:
contentType := strings.ToLower(strings.TrimSpace(request.Header.Get("Content-Type")))
return strings.HasPrefix(contentType, "multipart/form-data")
Generated multipart-capable actions then choose between ParseMultipartForm and ParseForm based on this helper.
Problem
A prefix check is not a media-type parser.
Consequences:
- Invalid media types such as
multipart/form-dataevil can be routed into multipart parsing.
- Parameters are not parsed or validated structurally.
- The behavior can drift from Go's normal
mime.ParseMediaType / request parsing expectations.
- Tests may accidentally pin permissive behavior that is not intended as part of the public contract.
The normal HTTP contract is that media types should be parsed as structured values, with parameters separated by semicolons.
Proposed direction
Use mime.ParseMediaType to classify multipart requests:
mediaType, _, err := mime.ParseMediaType(request.Header.Get("Content-Type"))
return err == nil && strings.EqualFold(mediaType, "multipart/form-data")
Malformed multipart content types should produce a deterministic bad-request path rather than being classified by a raw string prefix.
Acceptance criteria
Related
Priority
Medium — request parsing correctness and clearer generated runtime behavior.
Context
runtime/app/backend.godetects multipart action requests with:Generated multipart-capable actions then choose between
ParseMultipartFormandParseFormbased on this helper.Problem
A prefix check is not a media-type parser.
Consequences:
multipart/form-dataevilcan be routed into multipart parsing.mime.ParseMediaType/ request parsing expectations.The normal HTTP contract is that media types should be parsed as structured values, with parameters separated by semicolons.
Proposed direction
Use
mime.ParseMediaTypeto classify multipart requests:Malformed multipart content types should produce a deterministic bad-request path rather than being classified by a raw string prefix.
Acceptance criteria
mime.ParseMediaTypeor an equivalent structured parser.multipart/form-data; boundary=...requests still parse as multipart.multipart/form-dataevilare not treated as multipart.Related