Check only one content type is sent

2015-09-27 18:25:21 -07:00 · 2015-09-27 18:25:21 -07:00 · ba5e9cd3a5
parent 4a32d2c633
commit ba5e9cd3a5
1 changed files with 2 additions and 1 deletions
--- a/va/validation-authority.go
+++ b/va/validation-authority.go
@ -333,7 +333,8 @@ func (va *ValidationAuthorityImpl) validateSimpleHTTP(identifier core.AcmeIdenti
 		return challenge, err
 	}

-	if httpResponse.Header.Get("Content-Type") != "application/jose+json" {
+	contentTypes, ok := httpResponse.Header[http.CanonicalHeaderKey("content-type")]
+	if ok && (len(contentTypes) != 1 || (len(contentTypes) == 1 && contentTypes[0] != "application/jose+json")) {
 		challenge.Status = core.StatusInvalid
 		challenge.Error = &core.ProblemDetails{
 			Type:   core.UnauthorizedProblem,