You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am seeing a strange issue where I try to send a JSON object via POST, and Request is only putting the first 36 characters into the body, unless I include a Content-length header. I can send the exact same request using the Postman REST client without the header and the entire data is submitted.
app.post(modulePath+'/password/request_reset',function(req,res){varemail=req.body.email;vardata={};data.email=email;data.link=req.headers.origin+"/reset_password/";// At this point, data looks like this:// {"email":"sam.huckaby@website.com","link":"http://website:3333/reset_password/"}// This is required, otherwise I will only get the first 36 charactersreq.headers['Content-length']=JSON.stringify(data).length;request({url: apiPath+routes.FORGOT.password,method: "POST",headers: req.headers,timeout: 10000,followRedirect: true,json: true,body: data},function(response,body){// successres.status(response.statusCode).send(body);},function(response,error){// errorres.status(response.statusCode).send({message: error});returnfalse;});});
Has anyone else seen this issue? Or is there something wildly wrong with my code?
The text was updated successfully, but these errors were encountered:
There are several issues with your code. Your incoming request has a Content-length header, and I bet it's 36. Unless you override it, this gets sent on to request, which you don't want to do.
Passing headers from the client on to an API server is a really bad idea in general, you'll want to whitelist the allowed headers. I'd also suggest using caseless to handle casing for you, something like this:
Note I didn't whitelist the allowed values for each header, you'll probably want to do that too. In fact it's probably better to not even allow the client to pass header values to the API server.
Finally, I also changed your callback code - as written, your second callback would never be called, and your first one had incorrect parameters. We only accept one callback with signature err, response, body, and if there is an error then response and body will not be set.
@nylen I made the mistake of forwarding the headers from a request in to a request out and my content-length was limited. We were getting the strangest issues. After 3 days of bug fixing your advice worked.
I am seeing a strange issue where I try to send a JSON object via POST, and Request is only putting the first 36 characters into the body, unless I include a Content-length header. I can send the exact same request using the Postman REST client without the header and the entire data is submitted.
Has anyone else seen this issue? Or is there something wildly wrong with my code?
The text was updated successfully, but these errors were encountered: