-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Node HTTP: Handling Request Body Conversion #59
base: main
Are you sure you want to change the base?
Conversation
What does your middleware chain look like without Ideally, Edge-CSRF should leave request body parsing decisions to code further downstream since that isn't the purpose of the project. This is the intention of line 33: req.body = Buffer.concat(buffer); which passes along the raw content of the request body without parsing it. Next.js or another handler is probably checking to see if the request Can you try this version of function getRequestBody(req: IncomingMessage): Promise<string> {
return new Promise((resolve, reject) => {
const buffer: any[] = [];
const onAborted = () => {
reject(new Error('request aborted'));
};
const onData = (chunk: any) => {
buffer.push(chunk);
};
const onEnd = () => {
// concatenate all the chunks into a single buffer
const bodyBuffer = Buffer.concat(buffer);
// create a new Readable stream from the buffered data
const newStream = new Readable();
newStream.push(bodyBuffer);
newStream.push(null);
// Replace the original request's stream with the new one
Object.assign(req, {
read: newStream.read.bind(newStream),
pipe: newStream.pipe.bind(newStream),
unpipe: newStream.unpipe.bind(newStream),
on: newStream.on.bind(newStream),
pause: newStream.pause.bind(newStream),
resume: newStream.resume.bind(newStream),
});
// Resolve the promise with the body as a string
resolve(bodyBuffer.toString());
};
const onErr = (err: Error) => {
reject(err);
};
const onClose = () => {
req.removeListener('data', onData);
req.removeListener('end', onEnd);
req.removeListener('error', onErr);
req.removeListener('aborted', onAborted);
req.removeListener('close', onClose);
};
// Attach listeners
req.on('aborted', onAborted);
req.on('data', onData);
req.on('end', onEnd);
req.on('error', onErr);
req.on('close', onClose);
});
} |
@mkoumila Have you had a chance to try the suggested patch? |
Hey @amorey , Sorry for late answering, i out-of-office. Thanks for your support |
@mkoumila Have you had a chance to try the patch? |
@mkoumila Any updates? Would be great to patch the code and close this pr. |
Hi,
I'm using @edge-csrf/node-http in my project which has a form that sends data from Next.js ( using custom Node server ) to Drupal CMS. After integrating @edge-csrf/node-http in my project the Post request payload was in the format of Buffer instead of an array, example:
Instead of :
Problem: The @edge-csrf/node-http package was improperly converting request bodies to strings without considering their content type, leading to issues with specific formats like application/x-www-form-urlencoded.
Solution: A patch was implemented to check the Content-Type header and appropriately convert the Buffer to a string or JSON, ensuring correct downstream processing.