Some general context: I host a Dokuwiki instance behind a WAF that uses ModSecurity with CoreRuleSet enabled by default. This is not the only web tool I'm hosting and I'm used to disabling specific rules for specific apps when it feels justified.
Today I took the time to update my "Kaos" wiki to the latest "a" release. Immediately after that I tried uploading an image and that failed. Looking into why, I saw that it is because the upload was blocked by CRS rule 920420 (which blocks POST requests of content-type "application/octet-stream"). The image uploaded was a "png", and I'm wondering what is at fault here. It could be the browser (I'm nominally using Firefox, but tried with Edge just to be sure), but I didn't face that problem before, while it is certainly not my first image upload. Should the content-type header have been set correctly by the upload code on Dokuwiki's side? I'm not sure how it should work...
In the meantime, I've disabled that rule, but I feel uneasy as there doesn't seem to be a valid reason to allow POSTing "application/octet-stream" content (i.e. of undetermined type) to any part of my wiki :-/
Thanks for any input that might help me wrap my mind around this!
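
An added example, not part of the original post: one way to scope the exclusion to the upload request only, so rule 920420 stays active everywhere else. The path `/lib/exe/ajax.php`, the `call=mediaupload` query parameter and the rule id 10001 are assumptions; take the real path and parameters from the blocked request in the ModSecurity audit log.

```apache
# Added example. Load this before the CRS rule files, for instance from
# REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf, so the ctl action is
# evaluated before rule 920420 runs.

# Broad form (what disabling the rule amounts to): 920420 is removed for
# every request handled by this configuration context.
# SecRuleRemoveById 920420

# Scoped form: remove 920420 for the current transaction only, and only
# when all three conditions match.
#   - path:   /lib/exe/ajax.php        (assumed upload endpoint)
#   - method: POST
#   - query:  call=mediaupload         (assumed upload action)
# The id 10001 is an arbitrary local id; pick one unused in your setup.
SecRule REQUEST_FILENAME "@endsWith /lib/exe/ajax.php" \
    "id:10001,\
    phase:1,\
    pass,\
    t:none,\
    nolog,\
    chain"
    SecRule REQUEST_METHOD "@streq POST" \
        "t:none,\
        chain"
        SecRule ARGS_GET:call "@streq mediaupload" \
            "t:none,\
            ctl:ruleRemoveById=920420"
```

With this in place, a POST with `Content-Type: application/octet-stream` to any other URL is still evaluated by 920420, which can be confirmed by replaying such a request and checking the audit log.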