From 4a4dc9f250497fcdc84ff7d0aaa99e3c13128bd5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ville=20Skytt=C3=A4?= <ville.skytta@iki.fi>
Date: Sun, 31 Oct 2021 07:54:52 +0200
Subject: [PATCH] Fix too lax expected JSON content-type parsing

E.g. application/jsonfoobar is not expected for it, but ones with
parameters -- for example charset -- are. The IANA registered
application/json-seq is a good example.
---
 CHANGES/6180.bugfix | 1 +
 aiohttp/helpers.py  | 4 +++-
 2 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 CHANGES/6180.bugfix

diff --git a/CHANGES/6180.bugfix b/CHANGES/6180.bugfix
new file mode 100644
index 00000000000..55d6938b91f
--- /dev/null
+++ b/CHANGES/6180.bugfix
@@ -0,0 +1 @@
+Fix JSON media type matching to not accept everything starting with application/json.
diff --git a/aiohttp/helpers.py b/aiohttp/helpers.py
index 92c0700ac06..0dd4fa0f6eb 100644
--- a/aiohttp/helpers.py
+++ b/aiohttp/helpers.py
@@ -124,7 +124,9 @@ def iscoroutinefunction(func: Any) -> bool:
         return asyncio.iscoroutinefunction(func)
 
 
-json_re = re.compile(r"(?:application/|[\w.-]+/[\w.+-]+?\+)json", re.IGNORECASE)
+json_re = re.compile(
+    r"(?:application/|[\w.-]+/[\w.+-]+?\+)json(?:\s*;.*)?$", re.IGNORECASE
+)
 
 
 class BasicAuth(namedtuple("BasicAuth", ["login", "password", "encoding"])):