mirror of
https://github.com/honojs/hono.git
synced 2024-12-01 11:51:01 +01:00
cca7577cf4
* fix: return status 500 when using validator 'form'
When using `validator('form', ...)` hono is returning a 500 status
when receiving a POST request with a JSON in request body, instead
of a bad request 400, .
This is happenning due to a unhandled error in an
underlying library (@miniflare).
https://github.com/cloudflare/miniflare/pull/711
The code changes in this PR are responsible to prepare the code to
handle possible TypeError that can be thrown in the future, by the lib
doing the FormData parsing, as per, https://fetch.spec.whatwg.org/#dom-body-formdata.
This PR should wait for bugfix on @miniflare.
* fix: json validator allowing Content-Type value other than json/application
Forgery attacks will try to avoid preflight requests when POSTing JSON
payloads manipulating the HTTP header Content-Type. For example, it will
send a JSON payload with `Content-Type=text/plain`, but the request stills
containing a JSON in its body. Those requests must be rejected.
Thus, when using the validator with the target set to `json`, we must
check the Content-Type header.
* fix: change check for json Content-Type header
Change JSON validation to only allow Content-Type header starting with
'application/json'.
Change from regexp test to starsWith builtin function, to make code more
expressive.
---------
Co-authored-by: Bruno Nascimento <bruno.nascimento@csghq.com>
|
||
|---|---|---|
| .. | ||
| index.ts | ||
| validator.ts | ||