From 4a6e65226ec7ecb5e1fbfe1b95b76e818861d018 Mon Sep 17 00:00:00 2001
From: Kierre <vel@riseup.net>
Date: Sat, 11 Oct 2025 20:02:24 -0400
Subject: [PATCH] Add validation for POST/PUT/PATCH requests

This was made on my phone
---
 vona/__main__.py | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/vona/__main__.py b/vona/__main__.py
index f0da487..9190ffd 100644
--- a/vona/__main__.py
+++ b/vona/__main__.py
@@ -26,9 +26,20 @@ app.register_blueprint(server)
 app.register_blueprint(apps)
 
 @app.before_request
-async def preflight():
+async def validate_json():
 	if request.method == "OPTIONS":
-		return "", 204
+		return "", 200
+
+	elif request.method in ["PUT", "POST", "PATCH"]:
+		if "media" in request.path:
+			# Don't check media uploads
+			return
+
+		try:
+			request.get_json(force=True)
+		except Exception as e:
+			return jsonify({"error": "Content not JSON.", "errcode": "M_NOT_JSON"}), 400
+
 
 @app.after_request
 async def handle_logging(response):