I’ve just added a bit more security on to the system I’m working on and for that, I needed to check what the Content-type of the content the browser was sending (as I’m looking at checking that it’s an “application/x-amf” content type requested via Flash). Since I’m using Zend_Framework and wanted to make the check in the controller, it seemed sensible to use:
if (!($this->getRequest()->getHeader('Content-type')=='application/x-amf')) {
throw new Exception('Not a valid request');
}
which worked ok in Firefox. However, when testing in Internet Explorer, I always got “Not a valid request”… Why? Well, IE sends a “Content-Type” header instead of “Content-type”: note the different capitalisation!
It gets worse! Google Chrome (based on Apple WebKit), sends “content-type”.
Here’s the summary
Browser | Content type field | Content length field |
---|---|---|
Google Chrome 2.0.172.33 | content-type | Content-Length |
Firefox 3.0.11 | Content-type | Content-Length |
Microsoft Internet Explorer 8.0 | Content-Type | Content-Length |
Safari 4.0 | Content-Type | Content-Length |
Hope it helps somebody else!