vikunja/pkg/routes/api
kolaente cfac0773d7 fix(api/v2): accept real image content-types on avatar upload

Browsers set a real image Content-Type (image/png, image/jpeg, ...) on
the multipart avatar part, while programmatic clients often send
application/octet-stream. The part contentType tag is an allow-list for
Huma's MimeTypeValidator, which runs before the handler; broaden it so
both cases are accepted instead of being rejected with a 422.

The byte-level mimetype.DetectReader check in the handler remains the
real security gate and is unchanged.

Extend the webtest with a case that sends a part declared as image/png
and asserts it reaches the handler successfully.
2026-06-02 11:55:25 +00:00
v1 refactor(avatar): share avatar resolution between v1 and v2 handlers 2026-06-02 08:17:00 +00:00
v2 fix(api/v2): accept real image content-types on avatar upload 2026-06-02 11:55:25 +00:00