shuaijinchao commented on a change in pull request #6168:
URL: https://github.com/apache/apisix/pull/6168#discussion_r789293010
##########
File path: apisix/core/request.lua
##########
@@ -223,7 +223,7 @@ function _M.get_body(max_size, ctx)
local file_name = req_get_body_file()
if not file_name then
- return nil
+ return nil, "request body has zero size"
Review comment:
I also found this issue yesterday, so was wondering if it is possible to
add a request method check at the entry of the get_body function. When the
request is not `POST` or `PUT`, the operation is returned directly. Respond
with proper error messages when `if not file_name then`.
This not only follows the rfc7231 specification while avoiding unnecessary
body reading, but is also compatible with existing code.
like this:
```lua
local function check_get_body_method()
-- https://datatracker.ietf.org/doc/html/rfc7231#section-4.3
local method = req_get_method()
method = str_upper(method)
if method ~= "POST" or method ~= "PUT" then
log.info("only `POST` and `PUT` requests are supported to get the
body, ",
"the current request method: ", method)
return false
end
return true
end
function _M.get_body(max_size, ctx)
if not check_get_body_method() then
return
end
...
local file_name = req_get_body_file()
if not file_name then
return nil, "request body has zero size"
end
...
end
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
