0

I use the following code to use my body parser:

app.use(bodyParser.urlencoded({extended:false}), bodyParser.json({limit: 1}));

Based on this document, if we write limit to a number it shows number of byte(s) limit for body parser. My issue is that when I send a long string via post to the server and the JSON string is bigger than 1 byte still I get no error and the data parsed easily.

Matt
  • 68,711
  • 7
  • 155
  • 158
Sam
  • 167
  • 3
  • 14
  • No you could have multiple object parameters in app.use(). please check the below comments in NEO answer – Sam Jan 11 '18 at 22:55

1 Answers1

0

Pls show the code that is not working? I believe you might have initialised body-parser the wrong way or there are other issues.

For example, this code below test limit and it is working by returning a http code 413.

const express = require('express');
const bodyParser = require('body-parser');
const rp = require('request-promise');
const request = require('request');

const app = express();

// change this to 1MB and the test will pass
app.use(bodyParser.json({ limit: '1b' }));
app.post('/', function (req, res) {
res.send('done');
});

//wait for a connection
app.listen(3000, async () => {
    console.log('Server started.');

    const options = {
        url: 'http://localhost:3000/',
        method: 'post',
        json: true,
        body: {
            test: '1234567890'
        },
        resolveWithFullResponse: true
    };
    rp(options).catch((err) => {
        console.log(err);
    });
});
neo
  • 161
  • 5
  • Thanks for the reply Neo as usual! mm unfortunately I could not copy paste codes as it has many dependencies but what I see is that if I use your code and I use the same first code that I wrote : `app.use(bodyParser.urlencoded({extended:false}), bodyParser.json({limit: 1}));` then it works. However, if I send a post message from javascript client and send long string it does not show any error still – Sam Jan 11 '18 at 22:46
  • You can assume simple client post javascript code like : `var myObj={test:'2429384728937489293749823749'};$.post(localhost://testLink,JSON.stringify(myObj),function(data){ return data}`. In this case I do not get error in node independent of the size of myObj object (req object in the testLink route) – Sam Jan 11 '18 at 22:54
  • Are you sure you are sending data as json? Can you inspect your request? see common mistake with ajax/jquery here https://stackoverflow.com/questions/6587221/send-json-data-with-jquery – neo Jan 12 '18 at 03:19
  • good point NEO! however, it looks I used the correct data type but still no error happens with long string type when json limit is 1 byte. I am using `.$post(url,sendData,callback,'json')` as it is described [here](https://www.w3schools.com/jquery/ajax_post.asp). Another issue is that I also want to be independent from user changing data. This means that assume that your solution works ( which for me still is not working). Then the client still could change the client side data type and send very long string to my server like attacking. How can I prevent this then? Thanks again Neo! – Sam Jan 13 '18 at 09:06
  • My friend, according to the jQuery documentation in your link the last parameter `dataType` specify the type of response you want the server response with. Not to enforce your request body type :) Cheers. You can check your request in chrome to confirm. For more information on how to send json body with jQuery, see this link https://stackoverflow.com/questions/6587221/send-json-data-with-jquery – neo Jan 15 '18 at 02:26
  • Thank you Neo!! I will check this and back here again. But one big problem is that anyone who has access to client side could remove this json=true in your $.ajax method. Is there anyway for node js to limit the data size of any type of input request inside the server side? Thanks again!!! – Sam Jan 15 '18 at 09:33
  • refer to my answer here https://stackoverflow.com/questions/48178480/nodejs-req-json-size-limit/48178683?noredirect=1#comment83368924_48178683 – neo Jan 15 '18 at 10:47