---
title: Validate Content-Type In REST Services
impact: MEDIUM
impactDescription: prevents content-type confusion attacks
tags: rest, content-type, validation, api, security, csharp
---

## Validate Content-Type In REST Services

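Restrict each endpoint to the content types it expects, so that a request body is never handed to a parser the endpoint was not written for. For file uploads, check the declared Content-Type and the file signature as well.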

**Incorrect (accepting anything):**

```csharp
[HttpPost]
public IActionResult Upload(IFormFile file)
{
    // No check on Content-Type or file signature:
    // whatever the client sends is accepted as-is.
    return Ok();
}
```

**Correct (strict validation):**

```csharp
[HttpPost]
[Consumes("application/json")] // Any other Content-Type is rejected with 415 Unsupported Media Type
public IActionResult UpdateData([FromBody] DataModel model)
{
    return Ok();
}

// Manual check for files
[HttpPost]
public IActionResult Upload(IFormFile file)
{
    if (file is null)
    {
        return BadRequest("No file uploaded");
    }
    // file.ContentType is supplied by the client, so this check alone is not sufficient
    if (file.ContentType != "image/png" && file.ContentType != "image/jpeg")
    {
        return BadRequest("Invalid Content-Type");
    }
    // Also validate file signature/magic numbers!
    return Ok();
}
```
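
The signature check that the comment in `Upload` calls for, as an added example (not code from the original rule). The class and method names `ImageSignature`, `Matches` and `HasPrefix` are hypothetical; the byte sequences are the standard PNG signature and the JPEG start-of-image marker.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using Microsoft.AspNetCore.Http;

// Hypothetical helper: the declared Content-Type must be on the allow-list
// AND the file's leading bytes must match the signature for that type.
public static class ImageSignature
{
    private static readonly Dictionary<string, byte[]> Signatures =
        new Dictionary<string, byte[]>(StringComparer.OrdinalIgnoreCase)
        {
            // PNG: fixed 8-byte signature
            ["image/png"] = new byte[] { 0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A },
            // JPEG: SOI marker (FF D8) followed by the first byte of the next marker (FF)
            ["image/jpeg"] = new byte[] { 0xFF, 0xD8, 0xFF },
        };

    public static bool Matches(IFormFile file)
    {
        if (file is null || file.Length == 0 || file.ContentType is null)
        {
            return false;
        }
        if (!Signatures.TryGetValue(file.ContentType, out byte[] expected))
        {
            return false; // Content-Type not on the allow-list
        }
        using Stream stream = file.OpenReadStream();
        return HasPrefix(stream, expected);
    }

    // Reads exactly expected.Length bytes; Stream.Read may return fewer
    // bytes than requested, so loop until the header buffer is full.
    public static bool HasPrefix(Stream stream, byte[] expected)
    {
        byte[] header = new byte[expected.Length];
        int read = 0;
        while (read < header.Length)
        {
            int n = stream.Read(header, read, header.Length - read);
            if (n == 0)
            {
                return false; // file is shorter than the signature
            }
            read += n;
        }
        return header.AsSpan().SequenceEqual(expected);
    }
}
```

In `Upload`, call `ImageSignature.Matches(file)` after the Content-Type comparison and return `BadRequest` when it is false. A matching signature only shows that the file starts like the declared format, not that the rest of the file is a well-formed image.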

**Tools:** Roslyn Analyzers, SonarQube
