-
Notifications
You must be signed in to change notification settings - Fork 2k
Fixed DoS vector in middleware implementation #101
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
|
+1 |
|
one concern i have is that this 500 is indistinguishable from a 500 returned by the applications behind the proxy. we could add a header 'x-node-proxy-error', or change the status code to one that is proxy specific, the problem is that there isn't one that fits perfectly. |
|
true true, not sure what convention is there |
|
bah, fuck it, let's just change the text body to "Internal Proxy Server Error" :) |
|
beats nothing. looks like squid adds custom 6xx range status codes |
|
node.js should define all kinds of new status codes that all begin with 31337 ;) |
|
Thanks. I'll push this in tonight. |
|
Sorry, been busy with NodeConf SummerCamp. Will push this out when I'm back in NYC tonight. |
|
sounds good thanks man! |
|
Cherry-picked in 07c8d2e. Will be published in |
it's pretty trivial to trigger a
next(err)for almost any middleware, by-design they should be handled in some unified fashion, however the one in this lib just throws. You could also emit an error event with the req/res to conditionally allow users to customize the handling if necessary