Comma-delimited Accept header is not correctly parsed

[element533]

DESCRIPTION

When multiple Accept request-header values are supplied, the request always fails with status 406 Not Acceptable. This is true even if one of the header values is valid.

This is an issue when manually navigating to an API in a browser for testing purposes, since the browser always supplies a list of Accept header values. Note that a typical browser includes */* in its Accept list, but JADNC still rejects the request. (I am using Chrome).

STEPS TO REPRODUCE

1. Run the JsonApiDotNetCoreExample project
2. Navigate to http://localhost:14140/api/v1/articles in a browser

Alternatively, you may use the development tool of your choice to send the following request:

GET /api/v1/articles HTTP/1.1
Host: localhost:14140
Accept: */*,text/html
Content-Length: 0

EXPECTED BEHAVIOR

• Response status should be 200 OK
• Response body should contain resource document with empty data array

ACTUAL BEHAVIOR

• Response status is 406 Not Acceptable
• Response body contains error document with title "The specified Accept header value does not contain any supported media types."

VERSIONS USED

• JsonApiDotNetCore version: 4.0.4
• ASP.NET Core version: 3.1.10
• Entity Framework Core version: N/A
• Database provider: N/A

[element533]

The cause is this line of code: https://github.com/json-api-dotnet/JsonApiDotNetCore/blob/v4.0.4/src/JsonApiDotNetCore/Middleware/JsonApiMiddleware.cs#L100

The expression httpContext.Request.Headers["Accept"] returns a single comma-delimited string instead of a collection of string values. Changing it to httpContext.Request.Headers.GetCommaSeparatedValues("Accept") correctly returns a collection.

[bart-degreed]

Thanks a lot for reporting this and tracking it down! I have a PR (#973) ready that fixes this.