LibreChat/api/server
Danny Avila 6183303653
🔉 fix: Normalize audio MIME types in STT format validation (#12674)
* fix: normalize audio MIME types in STT format validation

Use getFileExtensionFromMime() to normalize non-standard MIME types
(e.g. audio/x-m4a, audio/x-wav, audio/x-flac) before checking against
the accepted formats list in azureOpenAIProvider. This is the same class
of bug as #12608 (text/x-markdown), but for STT audio validation.

Only audio/ and video/ MIME prefixes are normalized to prevent
non-audio types from matching via the webm default fallback.

Export getFileExtensionFromMime for testability.

Fixes #12632

* fix: reject unknown audio subtypes in STT format validation

Use MIME_TO_EXTENSION_MAP for normalization instead of
getFileExtensionFromMime() which falls back to 'webm' for unrecognized
types. Gate raw subtype matching on audio/video prefix to prevent
non-audio types (e.g. text/webm) from passing validation.

Resolves Codex review comment about unknown subtypes silently passing.

---------

Co-authored-by: Tobias Jonas <t.jonas@innfactory.de>
2026-04-15 09:58:07 -04:00
..
controllers 📌 feat: Add Pin Support for Model Specs (#11219) 2026-04-09 18:37:25 -04:00
middleware refactor: Short-Circuit Config Override Resolution (#12553) 2026-04-07 22:38:08 -04:00
routes 🔐 fix: Add Tenant Context to Admin OAuth Callback Routes (#12579) 2026-04-08 20:04:15 -04:00
services 🔉 fix: Normalize audio MIME types in STT format validation (#12674) 2026-04-15 09:58:07 -04:00
utils 🏗️ refactor: Remove Redundant Caching, Migrate Config Services to TypeScript (#12466) 2026-03-30 16:49:48 -04:00
cleanup.js 🧹 refactor: Tighten Config Schema Typing and Remove Deprecated Fields (#12452) 2026-03-29 01:10:57 -04:00
experimental.js ⚖️ refactor: Split Config Route into Unauthenticated and Authenticated Paths (#12490) 2026-03-31 19:22:51 -04:00
index.js ⚖️ refactor: Split Config Route into Unauthenticated and Authenticated Paths (#12490) 2026-03-31 19:22:51 -04:00
index.spec.js 🚦 fix: 404 JSON Responses for Unmatched API Routes (#11976) 2026-02-27 22:49:54 -05:00
socialLogins.js 🔐 feat: Admin Auth Support for SAML and Social OAuth Providers (#12472) 2026-03-30 22:49:44 -04:00