Forcing 415 Unsupported Media Type
Per RFC 9110 §15.5.16, a server returns 415 when the content type is not supported.
Mechanism: Per RFC 9110 §15.5.16, a server returns 415 when the content type is not supported. Many pipelines validate Content-Type after resolving the resource.
Isolated Variable: Only the Content-Type header changes to an invalid value. The request body remains well-formed.
Oracle Signal: 415 (exists) vs 404 (does not exist).
PATCH — Existing Resource
PATCH /api/users/1001 HTTP/1.1
Host: target.com
Content-Type: application/x-invalid
Content-Length: 16
{"name": "test"}
HTTP/1.1 415 Unsupported Media Type
Content-Type: application/json
{"error": "Unsupported Media Type"}PATCH — Non-Existing Resource
PATCH /api/users/9999 HTTP/1.1
Host: target.com
Content-Type: application/x-invalid
Content-Length: 16
{"name": "test"}
HTTP/1.1 404 Not Found
Content-Type: application/json
{"error": "Not Found"}Mitigation: Validate Content-Type at the routing layer before resource resolution.
Forcing 413 Content Too Large
Per RFC 9110 §15.5.14, if the application enforces size limits after resolving the resource, existing resources return 413 while non-existing ones return 404.
Forcing 422 Unprocessable Content
Per RFC 9110 §15.5.21, a server returns 422 when the payload fails semantic validation.