use strncasecmp on content type when obtaining a token from POST

closes #72; thanks @roubert

Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>

Author: zandbelt

ChangeLog

@@ -1,3 +1,6 @@
+03/25/2026
+- use strncasecmp on content type when obtaining a token from POST; closes #72; thanks @roubert
+
 02/03/2026
 - code: assign strstr to char instead of const char to compile with globc 2.43
   see #70; thanks @babelouest

src/proto.c

@@ -138,7 +138,8 @@ static char *_oauth2_get_source_token_from_post(
 	    oauth2_http_request_header_content_type_get(log, request);
 	if ((oauth2_http_request_method_get(log, request) !=
 	     OAUTH2_HTTP_METHOD_POST) ||
-	    (strcasecmp(content_type, OAUTH2_CONTENT_TYPE_FORM_ENCODED) != 0)) {
+	    (strncasecmp(content_type, OAUTH2_CONTENT_TYPE_FORM_ENCODED,
+			 strlen(OAUTH2_CONTENT_TYPE_FORM_ENCODED)) != 0)) {
 		oauth2_debug(log, "no form-encoded HTTP POST");
 		goto end;
 	}

test/check_proto.c

@@ -287,6 +287,26 @@ START_TEST(test_proto_get_source_token_post)
 	oauth2_cfg_source_token_free(_log, cfg);
 
 	oauth2_http_request_free(_log, request);
+
+	// also test for "application/x-www-form-urlencoded;charset=UTF-8" etc.;
+	// see #72
+
+	request = oauth2_http_request_init(_log);
+	oauth2_http_request_method_set(_log, request, OAUTH2_HTTP_METHOD_POST);
+	oauth2_http_request_header_set(
+	    _log, request, "Content-Type",
+	    "application/x-www-form-urlencoded;charset=UTF-8");
+
+	cfg = oauth2_cfg_source_token_init(_log);
+	ck_assert_ptr_ne(cfg, NULL);
+	rv = oauth2_cfg_source_token_set_accept_in(_log, cfg, "post", NULL);
+	ck_assert_ptr_eq(rv, NULL);
+	token = oauth2_get_source_token(_log, cfg, request,
+					&_oauth2_check_proto_callbacks, NULL);
+	ck_assert_ptr_ne(token, NULL);
+	ck_assert_str_eq(token, my_post_token);
+	oauth2_mem_free(token);
+	oauth2_cfg_source_token_free(_log, cfg);
 }
 END_TEST