
WebServer: Ignore extra headers within multipart forms #9253

Merged
merged 2 commits into from
Feb 20, 2024

Conversation

tcsullivan

@tcsullivan tcsullivan commented Feb 15, 2024

Description of Change

This Pull Request provides a fix for the WebServer library to ignore additional headers that may appear in multipart/form-data uploads. The current code assumes that Content-Disposition headers can only possibly be followed by a Content-Type header, and while that is what the standard (RFC7578) intends, it is also required that any other headers be ignored (see related link).

Currently, when extra header(s) are present the WebServer library will fail to properly locate the start of the submitted data. To fix this, the Content-Type check is simply wrapped in a while loop to skip over any additional headers.

Test scenarios

I have tested my Pull Request on Arduino-esp32 core v2.0.11 with an ESP32C3 Dev Module with this scenario:

  1. Create a file upload form with the WebServer.
  2. Send a POST request (in my case, using okhttp) to the WebServer that embeds additional headers, for example with Content-Length:

     --f9426897-2492-4877-b202-7f7703681600
     content-disposition: form-data; name="firmware"; filename="update.bin"
     Content-Type: application/octet-stream
     Content-Length: 399366

     <data>

  3. The current WebServer code will fail to acknowledge the Content-Length header and assume that the file data begins on the empty line that ends the header section, i.e. the WebServer will prepend the newline sequence 0x0D 0x0A to the received file data.

With the provided fix, the header is ignored and the file upload is successful.

Related links

RFC 7578's requirement to ignore other header fields: https://www.rfc-editor.org/rfc/rfc7578#section-4.8

okhttp's fix, not yet in a stable release: square/okhttp#2604 (comment)

Update subpart ("PostArg") parsing to ignore extra headers instead of silently failing.
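As an added illustration (not the PR's patch and not the WebServer library's own code), the C++ below sketches the header-skipping loop the description calls for: it consumes every header line of a part up to the blank line, keeps Content-Disposition and Content-Type, ignores anything else such as Content-Length, and only then reports where the body begins. The PartHeaders type and function names are this example's own; the sample part in the comments is constructed from the request shown above.

```cpp
#include <cctype>
#include <cstddef>
#include <string>
// Parsed header block of one multipart/form-data part (illustrative type, not the library's).
struct PartHeaders {
    std::string name;         // Content-Disposition name="..."
    std::string filename;     // Content-Disposition filename="..." (empty for non-file fields)
    std::string contentType;  // Content-Type if present, else text/plain (RFC 7578 s4.4)
    size_t dataStart;         // offset of the first body byte; std::string::npos if malformed
};
// Returns the quoted value of `; key="..."` from a Content-Disposition line, or "".
// Matching on "; key=" keeps name="..." from matching inside filename="...".
static std::string dispositionParam(const std::string& line, const std::string& key) {
    std::string needle = "; " + key + "=\"";
    size_t p = line.find(needle);
    if (p == std::string::npos) return "";
    p += needle.size();
    size_t e = line.find('"', p);
    return e == std::string::npos ? "" : line.substr(p, e - p);
}
// Case-insensitive prefix test (header field names are case-insensitive).
static bool startsWithNoCase(const std::string& s, const std::string& p) {
    if (s.size() < p.size()) return false;
    for (size_t i = 0; i < p.size(); ++i)
        if (std::tolower((unsigned char)s[i]) != std::tolower((unsigned char)p[i])) return false;
    return true;
}

// Parses the header block of one part starting at `pos` (just past the boundary line's CRLF),
// e.g. "content-disposition: form-data; name=\"firmware\"; filename=\"update.bin\"\r\n"
// "Content-Type: application/octet-stream\r\nContent-Length: 399366\r\n\r\n<data>".
// Every header line up to the empty line is consumed, so Content-Length is skipped, not
// mistaken for the start of the body (the failure the PR describes).
PartHeaders parsePartHeaders(const std::string& body, size_t pos) {
    PartHeaders h{"", "", "text/plain", std::string::npos};
    bool sawDisposition = false;
    while (true) {
        size_t eol = body.find("\r\n", pos);
        if (eol == std::string::npos) return h;  // truncated: no terminating CRLF
        std::string line = body.substr(pos, eol - pos);
        pos = eol + 2;
        if (line.empty()) break;                 // blank line ends the headers
        if (startsWithNoCase(line, "content-disposition:")) {
            sawDisposition = true;
            h.name = dispositionParam(line, "name");
            h.filename = dispositionParam(line, "filename");
        } else if (startsWithNoCase(line, "content-type:")) {
            size_t v = line.find_first_not_of(" \t", 13);  // skip "content-type:" and blanks
            h.contentType = (v == std::string::npos) ? "" : line.substr(v);
        }
    }
    if (sawDisposition) h.dataStart = pos;       // Content-Disposition is mandatory (s4.2)
    return h;
}
```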
@CLAassistant

CLAassistant commented Feb 15, 2024

CLA assistant check
All committers have signed the CLA.


github-actions bot commented Feb 15, 2024

Messages
📖 🎉 Good Job! All checks are passing!

👋 Hello tcsullivan, we appreciate your contribution to this project!

This automated output is generated by the PR linter DangerJS, which checks if your Pull Request meets the project's requirements and helps you fix potential issues.

DangerJS is triggered with each push event to a Pull Request and modifies the contents of this comment.

Please consider the following:
- Danger mainly focuses on the PR structure and formatting and can't understand the meaning behind your code or changes.
- Danger is not a substitute for human code reviews; it's still important to request a code review from your colleagues.
- To manually retry these Danger checks, please navigate to the Actions tab and re-run last Danger workflow.

Review and merge process you can expect ...


We do welcome contributions in the form of bug reports, feature requests and pull requests.

1. An internal issue has been created for the PR, we assign it to the relevant engineer.
2. They review the PR and either approve it or ask you for changes or clarifications.
3. Once the GitHub PR is approved we do the final review, collect approvals from core owners and make sure all the automated tests are passing.
- At this point we may do some adjustments to the proposed change, or extend it by adding tests or documentation.
4. If the change is approved and passes the tests it is merged into the default branch.

Generated by 🚫 dangerJS against ef3f6fc

@VojtechBartoska VojtechBartoska added the Status: Review needed Issue or PR is awaiting review label Feb 19, 2024
@P-R-O-C-H-Y
Member

P-R-O-C-H-Y commented Feb 19, 2024

@tcsullivan Can you please retest with 3.0.0-alpha3 version or latest master? Just to be sure :)

@tcsullivan
Contributor Author

@P-R-O-C-H-Y I just retested with 3.0.0-alpha3, the issue is still present.

@P-R-O-C-H-Y P-R-O-C-H-Y added Area: Libraries Issue is related to Library support. Status: Pending Merge Pull Request is ready to be merged and removed Status: Review needed Issue or PR is awaiting review labels Feb 20, 2024
@me-no-dev me-no-dev merged commit 3c30798 into espressif:master Feb 20, 2024
46 checks passed
@tcsullivan tcsullivan deleted the parseform-headers branch February 20, 2024 13:18
earlephilhower added a commit to earlephilhower/arduino-pico that referenced this pull request May 30, 2024