Browsers set a real image Content-Type (image/png, image/jpeg, ...) on the multipart avatar part, while programmatic clients often send application/octet-stream. The part contentType tag is an allow-list for Huma's MimeTypeValidator, which runs before the handler; broaden it so both cases are accepted instead of being rejected with a 422. The byte-level mimetype.DetectReader check in the handler remains the real security gate and is unchanged. Extend the webtest with a case that sends a part declared as image/png and asserts it reaches the handler successfully. |
||
|---|---|---|
| .. | ||
| scalar | ||
| admin_projects.go | ||
| avatar.go | ||
| avatar_upload.go | ||
| docs.go | ||
| errors.go | ||
| errors_test.go | ||
| huma.go | ||
| labels.go | ||
| project_views.go | ||
| task_duplicate.go | ||
| types.go | ||