Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ignoring request body in DELETE requests #163

Open
stephenmathieson opened this issue Oct 16, 2019 · 2 comments
Open

Ignoring request body in DELETE requests #163

stephenmathieson opened this issue Oct 16, 2019 · 2 comments

Comments

@stephenmathieson
Copy link

Ignoring request body in DELETE requests

Environment Information

  • koa-body: v4.1.1
  • Koa: v2.8.1
  • Node.js: v10.16.3

Current Behavior

Request body is neither parsed nor assigned to ctx.request.body in DELETE requests.

Steps to Reproduce

  1. Add the middleware to a DELETE request
  2. Make a DELETE request with a request body
  3. console.log(ctx.request.body)

Expected Behavior

The request body should be parsed and assigned to ctx.request.body.

Possible Solution

Follow the spec rather than only parsing request bodies in these HTTP methods.

From the spec:

[...] A payload within a DELETE request message has no defined semantics; sending a payload body on a DELETE request might cause some existing implementations to reject the request [...]

As a work around, I'm just adding the parsedMethods option when creating instantiating the middleware, which seems to be working fine:

const parseJSON = body({
  parsedMethods: ['POST', 'PUT', 'PATCH', 'GET', 'HEAD', 'DELETE']
})

However, it would be nice if this middleware worked as expected by default, rather than having to provide custom options.
@MarkHerhold MarkHerhold mentioned this issue Jun 9, 2020
Open
11 tasks
@lightblu
Copy link

Follow the spec

This has recently been called out as commonly misinterpreted

FTR, this is a common misinterpretation, but that is not what it says and
certainly not what it means.
They have no semantics in the sense that a body cannot change the meaning
of a received request. They are absolutely forbidden to have any impact
whatsoever on the processing or interpretation of the request aside from
the necessity to read and discard the bytes received in order to maintain
the message framing. The only reason we didn't forbid sending a body is
because that would lead to lazy implementations assuming no body would
be sent.

and been clarified in the spec.

1 similar comment
@lightblu
Copy link

Follow the spec

This has recently been called out as commonly misinterpreted

FTR, this is a common misinterpretation, but that is not what it says and
certainly not what it means.
They have no semantics in the sense that a body cannot change the meaning
of a received request. They are absolutely forbidden to have any impact
whatsoever on the processing or interpretation of the request aside from
the necessity to read and discard the bytes received in order to maintain
the message framing. The only reason we didn't forbid sending a body is
because that would lead to lazy implementations assuming no body would
be sent.

and been clarified in the spec.

@melohagan melohagan mentioned this issue May 30, 2024
Merged
@qianl15 qianl15 mentioned this issue Jun 4, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@stephenmathieson @lightblu