Bug #55680
openRGW rest API returns responses with header 'Content-Type: application/xml' even when body content type isn't xml
20%
Description
Hi,
I've just tried to receive responses in different formats like json using "format" query parameter and it works.
I've seen my postman client doesn't shows the response in prettified json format and it shows that like a text response.
Then, I've seen the request responses 'Content-Type' header is on 'application/xml' while I received json response.
I tried to reproduced it on different endpoints, latest ceph demo, and our staging rgw on different version and nothing changes.
I've already monitored the postman request with burpsuite to check that if it's a postman (and not rados gateway) bug.
there is the burpsuite output for request:
GET /?format=json HTTP/1.1
Host: 127.0.0.1:8080
X-Amz-Content-Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
X-Amz-Date: 20220514T080922Z
Authorization: AWS4-HMAC-SHA256 Credential=<my-credential>, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=<the-signature>
User-Agent: PostmanRuntime/7.29.0
Accept: /
Postman-Token: e95dcec3-17ee-4c8e-b21c-23227b4dccd2
Accept-Encoding: gzip, deflate
Connection: close
and there is a simple curl example:
curl -v --location --request GET '127.0.0.1:8080/?format=json' \
--header 'X-Amz-Content-Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855' \
--header 'X-Amz-Date: 20220517T030732Z' \
--header 'Authorization: AWS4-HMAC-SHA256 Credential=<my-credential>, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=<singature>
and there is the burpsuite output for response:
HTTP/1.1 200 OK
x-amz-request-id: tx0000093ef8bfe57e4165a-00627f63b2-371b-default
Content-Type: application/xml
Date: Sat, 14 May 2022 08:09:22 GMT
Connection: close
Content-Length: 121
I discovered the code and think the issue is for when `end_headers` called in the `send_response` method of api classes to calculating the 'Content-Length',
with a hardcoded 'content_type' parameter to 'application/xml', or without force_content_type.
By the way I've never contributed to rgw, and I think it's better to double check it. Feel free to contact me if there is anything, that I can help about it.