From a9091eaa67bd2ebbb4876549ff33a33600276040 Mon Sep 17 00:00:00 2001
From: George Claghorn <george@basecamp.com>
Date: Thu, 27 Jul 2017 16:52:57 -0400
Subject: Validate Content-Length

---
 app/controllers/active_storage/disk_controller.rb | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/active_storage/disk_controller.rb b/app/controllers/active_storage/disk_controller.rb
index 6be88d2857..76377a0f20 100644
--- a/app/controllers/active_storage/disk_controller.rb
+++ b/app/controllers/active_storage/disk_controller.rb
@@ -45,9 +45,7 @@ class ActiveStorage::DiskController < ActionController::Base
       ActiveStorage.verifier.verified(params[:encoded_token], purpose: :blob_token)
     end
 
-    # FIXME: Validate Content-Length when we're using integration tests. Controller tests don't
-    # populate the header properly when a request body is provided.
     def acceptable_content?(token)
-      token[:content_type] == request.content_type
+      token[:content_type] == request.content_type && token[:content_length] == request.content_length
     end
 end
-- 
cgit v1.2.3