Comments (12)
Hi @luisrudge in the future, please open a new issue. I'm providing an example for you here, but if you need to reply, please do so in a new issue, not here.
app.use(bodyParser.json({verify:function(req,res,buf){req.rawBody=buf}}))
This will, of course, increase the risk of DoS attacks on your server.
from body-parser.
This would effectively mean every request would now require twice the RAM usage.
If you look in the readme, you should see that you should only be parsing the body if you need it. This means that if you are going to forward the body as a proxy, this module should not even get invoked on those requests at all and you can simply read raw from the req stream.
If you really want yo use twice the RAM, you can always (ab)use the verify function to use it to attach the raw body buffer to each request.
from body-parser.
A PR implementing this will be rejected, sorry (you can see all the past rejected PRs as well). This makes it easier to DoS a server and encourages bad practices
from body-parser.
This would effectively mean every request would now require twice the RAM usage.
Good point. The body buffer hangs around on every request regardless though. I'm guessing we're letting the gc collect it in getBody
?
from body-parser.
This means that if you are going to forward the body as a proxy, this module should not even get invoked on those requests at all and you can simply read raw from the req stream.
This would be hard considering the conditions required to detect if a registered route indeed will lead to a proxy. I guess I just want the best of both worlds :)
from body-parser.
Yes, if there is no reference, it is collected, as part of how JS works. If you add a reference from req to the Buffer, then the Buffer would now live as long as req instead.
from body-parser.
This would be hard considering the conditions required to detect if a registered route indeed will lead to a proxy. I guess I just want the best of both worlds :)
Well, I would be more than happy to help you. We can discuss why it is hard, how we can make it better, etc. Right now i don't know enough about your route architecture to really say :) But hopefully you are not using this module in a global app.use()
directive.
Feel free to post examples, etc. and we can definitely work towards a good solution.
from body-parser.
But hopefully you are not using this module in a global app.use() directive.
In my particular context we always needed a parsed req.body
at least for non-GET requests. Proxies came about later. I'll be rethinking this nonetheless.
from body-parser.
That's fine. There is a lazy parsing pattern you can do with this middleware/any middleware which may work out for you if you can replace all req.body references with an async req.getBody(function (err, body){
call. Would that be doable?
from body-parser.
I need to have the parsed body and the raw body on all requests to a specific route. How can I do that?
app.use(function(req, res, next) {
var data = '';
req.on('data', function(chunk) {
data += chunk
})
req.on('end', function() {
req.rawBody = data;
next();
});
});
app.use(bodyParser.json());
Doing this, the request hangs forever. I'm assuming that's because the body stream has already been read.
from body-parser.
@dougwilson ok. thanks and sorry about the issue!
from body-parser.
Hi @lxe I'm going to close this issue for now, but if you have any additional questions, please feel free to respond here or even open a new issue :)
from body-parser.
Related Issues (20)
- bodyParser is deprecated, error HOT 1
- bodyparser.json() shown as deprecated? (question) HOT 7
- pass options to qs thru urlencoded? HOT 4
- Cannot catch SyntaxError when user provides invalid JSON in body and content-type: application/json HOT 3
- Support for content-encoding: deflate raw HOT 7
- req.body could not be accessed when send as form data, but works fine with JSON HOT 3
- Pass custom parameters to `qs` HOT 3
- Update iconv-lite to latest 0.6.3 HOT 7
- support for ndjson
- Regular Expression Denial of Service (ReDoS) in [email protected] HOT 3
- Update `debug` dependency (memory leak leading to vulnerability) HOT 1
- api calls made with invalid json HOT 5
- Add support for removing body parser limit HOT 8
- BadRequestError: request size did not match content length HOT 7
- How to handle content-type mismatch? HOT 1
- CVE-2017-20165 - debug HOT 2
- Issue HOT 1
- Debug package version in body parser showing security vulnerability HOT 10
- fails silently if the json has extra whitespace HOT 2
- json middleware does not work on content types with a `+` HOT 9
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from body-parser.