From 601d6a6743754723862891e401834c2f6edb7002 Mon Sep 17 00:00:00 2001
From: Yuri Kuznetsov <yurikuzn@users.noreply.github.com>
Date: Fri, 19 Sep 2025 17:19:49 +0300
Subject: [PATCH] content type check

---
 application/Espo/Core/Controllers/RecordBase.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/application/Espo/Core/Controllers/RecordBase.php b/application/Espo/Core/Controllers/RecordBase.php
index 0d4c2ddea0..3ab0067a26 100644
--- a/application/Espo/Core/Controllers/RecordBase.php
+++ b/application/Espo/Core/Controllers/RecordBase.php
@@ -173,6 +173,10 @@ class RecordBase extends Base implements
      */
     public function postActionCreate(Request $request, Response $response): stdClass
     {
+        if ($request->getHeader('Content-Type') !== 'application/json') {
+            throw new BadRequest("Not supported content type.");
+        }
+
         if (method_exists($this, 'actionCreate')) {
             // For backward compatibility.
             return (object) $this->actionCreate($request->getRouteParams(), $request->getParsedBody(), $request);