Detect urlencoded form data header via regex

[simov]

Fixes #1313 related to #1310

[nylen]

I can think of a couple ways to break this:

Content-Type: not-really-application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded-not-really

Not sure how much we care about this, but you could fix it by using /^application\/x-www-form-urlencoded\b/ as the regex intead.

[simov]

Yeah, I though about that as well, I can easily switch to the same check used in the code

self.getHeader('content-type').slice(0, 'application/x-www-form-urlencoded'.length) ===
        'application/x-www-form-urlencoded'

[nylen]

👍

[rlidwka]

This should be more strict:

!/^application\/x-www-form-urlencoded(;|$)/.test(...)

.slice() still doesn't protect against application/x-www-form-urlencoded-but-not-really thing.

[simov]

Even this

!/^application\/x-www-form-urlencoded(?:;|$)/.test(...)

slight performance increase :)

Btw is it valid to have an empty space between the urlencoded and the ; like this urlencoded ; ?

[rlidwka]

rfc7231:

media-type = type "/" subtype *( OWS ";" OWS parameter )

Oops... my bad. It can have any combination of spaces and tabs there.

@nylen is right, it's easier to use \b and get it over with.

[simov]

Btw, I pushed the fixed regex yesterday, no idea if notification was sent about it.

[nylen]

Thanks!