Skip to content

Minimal API with IFormFile throws when request body is missing and Content-Type header is missing or empty #53630

Closed
@balazsmeszegeto

Description

@balazsmeszegeto

Is there an existing issue for this?

  • I have searched the existing issues

Describe the bug

Having an endpoint with Minimal API and IFormFile:

app.MapPost("/upload", (IFormFile file) => "ok");

Sending a request with incorrect Content-Type, ie:

curl --request POST 'http://localhost:5000/upload' --header 'Content-Type: foo'

will return 415 status, as expected. However, missing or empty (spaces) Content-Type, ie:

curl --request POST 'http://localhost:5000/upload'
curl --request POST 'http://localhost:5000/upload' --header 'Content-Type:'
curl --request POST 'http://localhost:5000/upload' --header 'Content-Type:  '

will throw InvalidOperationException and return 500. I am not 100% familiar with the code in this area (yet), but my understanding is that routing constraint won't exclude the endpoint for missing/empty Content-type, and then parameter binding will throw, while attempting to read HttpRequest.Form. The exception thrown is related to this issue: #49096

Tried changing the signature, with attribute and optional, same behaviour:

app.MapPost("/upload", ([FromForm] IFormFile file) => "ok");
app.MapPost("/upload", ([FromForm] IFormFile? file) => "ok");
app.MapPost("/upload", (IFormFile? file) => "ok");

Expected Behavior

I expect that for endpoints with IFormFile (or its variations like IFormFileCollection) parameters, only valid Content-Type, ie. Content-Type: multipart/form-data; ... will be allowed, excluding missing or empty Content-Type headers. Only valid Content-Type would result in binding parameters from form

Steps To Reproduce

No response

Exceptions (if any)

No response

.NET Version

8.0.101

Anything else?

Checked this issue: #39430 but didn't find this explicitly.

I am happy to contribute, but first would need confirmation that this is indeed a bug and not a design decision I am unaware of 😃

Metadata

Metadata

Assignees

No one assigned

    Labels

    area-minimalIncludes minimal APIs, endpoint filters, parameter binding, request delegate generator etc

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions