## Problem

POST requests parse body as JSON without checking the `Content-Type` header. This reduces defense in depth.

## Location

`src/viewer/server.ts:686`

## Suggested Fix

Validate that `Content-Type` header contains `application/json` before parsing POST body.
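
One way to implement the suggested check, as an added example that is not the project's own code. The names `BodyResult`, `parseMediaType` and `readJsonBody` are hypothetical, and the function takes the header value and the raw body as plain strings so it does not assume anything about the handler at `src/viewer/server.ts:686`.

```typescript
// Added example: BodyResult, parseMediaType and readJsonBody are hypothetical
// names, not identifiers from src/viewer/server.ts.

type BodyResult =
  | { ok: true; value: unknown }
  | { ok: false; status: 415 | 400; error: string };

// Characters allowed in a media type token (type or subtype), lowercased.
const TOKEN = "[a-z0-9!#$%&'*+.^_`|~-]+";
const MEDIA_TYPE = new RegExp(`^${TOKEN}/${TOKEN}$`);

// Return the lowercased media type with parameters (e.g. "; charset=utf-8")
// removed, or null when the header is missing or malformed.
function parseMediaType(header: string | undefined): string | null {
  if (typeof header !== "string") return null;
  const essence = (header.split(";", 1)[0] ?? "").trim().toLowerCase();
  return MEDIA_TYPE.test(essence) ? essence : null;
}

// Gate JSON parsing on the Content-Type header of a POST request.
function readJsonBody(contentType: string | undefined, rawBody: string): BodyResult {
  // Compare the media type exactly. A substring test would also accept
  // "text/plain; application/json", whose media type is text/plain.
  if (parseMediaType(contentType) !== "application/json") {
    return { ok: false, status: 415, error: "Content-Type must be application/json" };
  }
  try {
    return { ok: true, value: JSON.parse(rawBody) };
  } catch {
    return { ok: false, status: 400, error: "Request body is not valid JSON" };
  }
}
```

A handler would respond with `status` and `error` when `ok` is false and only use `value` otherwise.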