Skip to content

Commit

Permalink
fix: set body parser error to status 400 by default
Browse files Browse the repository at this point in the history
closes #5261
  • Loading branch information
fengmk2 committed Oct 12, 2023
1 parent e6399fa commit 8beffdc
Show file tree
Hide file tree
Showing 3 changed files with 26 additions and 4 deletions.
1 change: 0 additions & 1 deletion .github/workflows/nodejs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -14,4 +14,3 @@ jobs:
with:
os: 'ubuntu-latest, macos-latest, windows-latest'
version: '14, 16, 18, 20'
install: 'npm i -g npminstall && npminstall'
9 changes: 8 additions & 1 deletion config/config.default.js
Original file line number Diff line number Diff line change
Expand Up @@ -236,8 +236,15 @@ module.exports = appInfo => {
depth: 5,
parameterLimit: 1000,
},
onerror(err) {
onerror(err, ctx) {
err.message += ', check bodyParser config';
if (ctx.status === 404) {
// set default status to 400, meaning client bad request
ctx.status = 400;
if (!err.status) {
err.status = 400;
}
}
throw err;
},
};
Expand Down
20 changes: 18 additions & 2 deletions test/app/middleware/body_parser.test.js
Original file line number Diff line number Diff line change
@@ -1,5 +1,3 @@
'use strict';

const assert = require('assert');
const querystring = require('querystring');
const utils = require('../../utils');
Expand Down Expand Up @@ -82,6 +80,24 @@ describe('test/app/middleware/body_parser.test.js', () => {
.expect(413);
});

it('should 400 when GET with invalid body', async () => {
app.mockCsrf();
await app.httpRequest()
.get('/test/body_parser/user')
.set('content-type', 'application/json')
.set('content-encoding', 'gzip')
.expect(/unexpected end of file, check bodyParser config/)
.expect(400);

await app.httpRequest()
.get('/test/body_parser/user')
.set('content-type', 'application/json')
.set('content-encoding', 'gzip')
.send({ foo: 'a'.repeat(1024) })
.expect(/incorrect header check, check bodyParser config/)
.expect(400);
});

it('should disable body parser', async () => {
app1 = utils.app('apps/body_parser_testapp_disable');
await app1.ready();
Expand Down

0 comments on commit 8beffdc

Please sign in to comment.