Bug: Valid Content-Type headers ignored in _oauth2_get_source_token_from_post() #72

@roubert

The current implementation is too strict; it just looks for a case-insensitive match of the whole string:

(strcasecmp(content_type, OAUTH2_CONTENT_TYPE_FORM_ENCODED) != 0)) {

Where OAUTH2_CONTENT_TYPE_FORM_ENCODED is "application/x-www-form-urlencoded".

But it's perfectly valid to append a ;charset=… parameter to that MIME type, and e.g. Google Chrome sends this string by default (when no content type is explicitly specified and fetch() is called with a URLSearchParams object as the body):

application/x-www-form-urlencoded;charset=UTF-8

That's a perfectly valid Content-Type header and there's no reason why liboauth2 shouldn't also accept such headers here.
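One way to compare only the media type and ignore trailing parameters, as an added example that is not part of the original issue and is not liboauth2's own code. The helper name `content_type_is` and the `FORM_ENCODED` macro are hypothetical; the macro's value is the string the issue quotes. The comparison is on the whole media-type token, so a value that merely starts with the expected string is still rejected.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Same value the issue quotes for OAUTH2_CONTENT_TYPE_FORM_ENCODED. */
#define FORM_ENCODED "application/x-www-form-urlencoded"

/* Hypothetical helper (not liboauth2 API): returns 1 when the media type of a
 * Content-Type header value equals `expected`, ignoring case, surrounding
 * whitespace and any ";param=value" suffix; returns 0 otherwise. */
static int content_type_is(const char *header, const char *expected)
{
	size_t len;

	if (header == NULL || expected == NULL)
		return 0;

	/* Skip optional leading whitespace. */
	while (*header == ' ' || *header == '\t')
		header++;

	/* The media type ends at the first ';' (start of the parameters)
	 * or at the end of the string. */
	len = strcspn(header, ";");

	/* Trim optional whitespace between the media type and the ';'. */
	while (len > 0 && (header[len - 1] == ' ' || header[len - 1] == '\t'))
		len--;

	/* Compare the whole token: a bare prefix match would also accept
	 * "application/x-www-form-urlencodedx". */
	return len == strlen(expected) &&
	       strncasecmp(header, expected, len) == 0;
}

int main(void)
{
	/* Constructed sample: the header value the issue says Chrome sends. */
	const char *sample = "application/x-www-form-urlencoded;charset=UTF-8";

	printf("%s -> %d\n", sample, content_type_is(sample, FORM_ENCODED));
	return 0;
}
```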
