expressjs / body-parser Goto Github PK
View Code? Open in Web Editor NEWNode.js body parsing middleware
License: MIT License
Node.js body parsing middleware
License: MIT License
This is just such a basic type of the web, it's hard to keep ignoring it. Because of the pattern of this module, though, we really cannot support files. But I don't see why we can support it, but just drop files. Thoughts?
how to set uploadDir ??
Please, can you add arrayLimit (qs library) as optional parameter like a parameterLimit?
For this I created request month ago. ljharb/qs#18
The property destination could be customized (i.e. set it to go somewhere other than req.body
). Originally from #37 (comment)
Please, is this solved?
http://andrewkelley.me/post/do-not-use-bodyparser-with-express-js.html
jQuery does two things somewhat oddly regarding arrays, it would be really helpful if the body parser took these into account.
First, in modern versions of jQuery (>= 1.5), arrays that are included in AJAX data are passed with square brackets appended to their name. This can be overridden by adding the traditional: true
parameter on the client side. Even with that parameter, a single array parameter is interpreted as a string.
Ideally, body parser should have tests specifically to cover jQuery's use of arrays, and should treat any parameter whose name has trailing square brackets as an array regardless of the number of elements.
If you look at the middleware, after I had refactored it, all they are is a call to typeis
and a call to read
. We should add something like bodyParser.generic()
to let people roll their owner simple body parsers.
Working draft: http://www.w3.org/TR/html-json-forms/
Thoughts from qs
: ljharb/qs#63
This support may not even be called extended: true
within the urlencoded
parser; it may move to be an option of the JSON parser.
See comments in #17
Instead of adding raw
as a parser type, why not just always export the pre-parsed buffer as req.rawBody
?
This way, if required, we can easily forward the unadulterated body buffer to upstream proxies and services, without the content-type conditionals required by the raw
type.
How to parse this:
{
"schemas":["urn:scim:schemas:core:1.0"],
"userName":"bjensen",
"name":{
"formatted":"Ms. Barbara J Jensen III",
"familyName":"Jensen",
"givenName":"Barbara"
},
"emails":[{
"type":"home",
"value":"[email protected]"
}],
}
Here's what I'm working with:
var jsonParser = bodyParser.json({ type: 'application/*+json' } );
router.post('/create-account', jsonParser, function(req, res) {
console.log(req.body)
});
Upon updating my project dependencies I realized that url encoded data originating from my client app seemed to be getting severely truncated. Installing previous tags back to 1.5.x seemed to remedy the problem.. 2 quick screenshots illustrate these issues:
Big difference!
Haven't pinned down the change that's responsible for this error, but I thought you should know about this. I'm sticking with the 1.5's for the time being.
Thanks.
Currently there is a types inconsistency in bodyParser.raw()
.
If we have non-empty body -> Buffer
If we have empty body -> Object
https://github.com/expressjs/body-parser/blob/master/lib/types/raw.js#L58-L63
What do you think about returning empty buffer for empty request bodies?
Thanks.
From #39
How can I ensure the raw request body is what is sent? Here's what I'm toying with:
var bodyParser = require('body-parser');
router.use(function(req, res, next) {
var data = '';
req.on('data', function(chunk) {
data += chunk;
});
req.on('end', function() {
req.rawBody = data;
next();
});
});
// retrieve all request body objects
router.use(cookieParser());
router.use(bodyParser());
router.use(methodOverride());
router.post('/login', function(req, res) {
console.log(req.rawBody);
if (!req.body) return res.sendStatus(400);
var options = httpconn.httpOptions({
resource: 'uaa',
resourcePath: '/uaa/login.do',
method: 'POST',
headers: {'Referer': httpconn.buildUri('uaa') + '/uaa/login'}
});
var httpRequest = application.httprequest(options, function(response) {
if(response.statusCode == 302) {
res.send(response.headers);
}
});
httpRequest.write(qs.stringify(req.rawBody));
httpRequest.end();
To use the req.rawBody
middleware, I needed to use -H 'Content-Type: text/plain'
.
I want to ensure that a request with application/x-www-form-urlencoded
maintains the request body as username=myname&password=mypass
without transforming to {'username':'myname','password':'mypass'}
Heys guys!
I have a form that looks more or less like this:
<input type="checkbox" name="checklist[1]" value="1" />
<input type="checkbox" name="checklist[2]" value="1" />
<input type="checkbox" name="checklist[3]" value="1" />
I was expecting that request.body.checklist looked like this (after all checkboxes were checked, of course):
{
'1': '1',
'2': '1',
'3': '1'
}
But what I got was a array, without the indexes I need to associate the result:
['1', '1', '1']
This seems like a bug to me. I would expect the array only for zero-based indexes.
This is more of a question than an issue, but where is the file handling middleware in Express 4?
Hello,
body-parser
doesn't seem to parse the body for DELETE
HTTP request. I need it for my project, is there a way to do it?
Vincent.
SyntaxError: Unexpected token $
at Object.parse (native)
at parse (/etc/acme/webauth/node_modules/body-parser/lib/types/json.js:84:17)
at /etc/acme/webauth/node_modules/body-parser/lib/read.js:102:18
at IncomingMessage.onEnd (/etc/acme/webauth/node_modules/body-parser/node_modules/raw-body/index.js:136:7)
at IncomingMessage.g (events.js:180:16)
at IncomingMessage.emit (events.js:92:17)
at _stream_readable.js:944:16
at process._tickDomainCallback (node.js:486:13)
This doesn't help much in debugging the request. Is there a way to catch this and log a simple warning message?
In express 3.5 we used to have a json verify option. It was quite nice feature to use to get the fully buffered raw body when dealing with facebook X-Hub Signed Requests.
Could we please get this back in? Thanks.
Hello everybody,
i am thinking that should be nice to have an error when i am using bodyparser with unsupported multipart form data request.
I spent a lot of my time to understand it!!!
thanks!
Hello,
I've been trying to pass a bool value to Node.js but I couldn't.
My json object like { archive: false }
before an ajax process. I can get as { "archive": "false" }
. I want to use as a bool value in my database.
Is it possible? Can I get as a bool value?
Have you ever thought of exposing the body-parser middlewares as APIs that can be invoked programmatically, not as middleware, like qs does? With qs, I can do something like req.query = qs.parse(parseurl(req).query, {});
and I'd love to be able to do the same with body-parser. If not, not big deal as I can create some async chain that will call the two body-parsers in order and then call my middleware logic function. I just figured I'd ask, might even submit the PR if you're open to the idea.
POST
Header: Content-Type application/x-www-form-urlencoded
Data: "a%5B%5D=1&a%5B%5D=&a%5B%5D=3"
Expected
{ a: [ '1', '', '3' ] }
Actual
{ a: [ '1', '3' ] }
Hello.
I have this code:
var express = require("express")
var bp = require("body-parser")
var app = express()
var bpurle= app.use(bp.urlencoded({ extended: false }))
var bpjson= app.use(bp.json())
app.post("/urle", bpurle, function(req, res) {
if (req.body === undefined) {return(console.log("There aren't any data"))}
console.log("Received data via URL-Encode:\n" + req.body)
})
app.post("/json", bpjson, function(req, res) {
if (req.body === undefined) {return(console.log("There aren't any data"))}
console.log("Received data via JSON:\n" + JSON.stringify(req.body,null,2))
})
app.listen(4000)
When I execute...
curl -X POST http://127.0.0.1:4000/urle -d "data1=value1&data2=1234"
...I get this error:
RangeError: Maximum call stack size exceeded
at next (/home/q2dg/node_modules/express/lib/router/index.js:168:16)
at next (/home/q2dg/node_modules/express/lib/router/route.js:100:14)
at Layer.handle_error (/home/q2dg/node_modules/express/lib/router/layer.js:54:12)
at next (/home/q2dg/node_modules/express/lib/router/route.js:108:13)
at /home/q2dg/node_modules/express/lib/router/index.js:603:15
at next (/home/q2dg/node_modules/express/lib/router/index.js:246:14)
at next (/home/q2dg/node_modules/express/lib/router/route.js:100:14)
at Layer.handle_error (/home/q2dg/node_modules/express/lib/router/layer.js:54:12)
at next (/home/q2dg/node_modules/express/lib/router/route.js:108:13)
at /home/q2dg/node_modules/express/lib/router/index.js:603:15
When I execute...
curl -X POST http://127.0.0.1:4000/json -d "{'data1':'value1','data2':'1234'}" -H "Content-Type:application/json"
...I get this error:
SyntaxError: Unexpected token '
at Object.parse (native)
at parse (/home/q2dg/node_modules/body-parser/lib/types/json.js:76:17)
at /home/q2dg/node_modules/body-parser/lib/read.js:98:18
at IncomingMessage.onEnd (/home/q2dg/node_modules/body-parser/node_modules/raw-body/index.js:136:7)
at IncomingMessage.g (events.js:199:16)
at IncomingMessage.emit (events.js:104:17)
at _stream_readable.js:907:16
at process._tickCallback (node.js:372:11)
Thanks!
I believe that bodyParser should not respond with a 400 due to a missing body on a DELETE request.
In a web app I am working on, we do not provide a body in our DELETE rest requests, as all information for the delete is included in the URI. Therefore, Chrome does not send a Content-Length
header for ajax delete requests. This causes the bodyParser middleware to respond with a 400 error due to the body buffer having zero length.
While I agree that is necessary for PUT and POST requests, DELETE does not specifically define semantics for the message body. Therefore it should permit a missing body for such requests. According to the spec,
A server SHOULD read and forward a message-body on any request; if the request method does not include defined semantics for an entity-body, then the message-body SHOULD be ignored when handling the request.
A simple solution for DELETE requests that are missing a content-length header would be to simply set req.body = {};
.
I realize that many server packages support sending a body for DELETE requests, and this would still support that.
Are there any thoughts on this topic, or any considerations I am overlooking that would make implementing this a bad thing?
The qs module has a nesting limit, which defaults to 5. This can be overriden with an option; however within the body-parser module there is no way to set that. Body-parser should expose that option via config somehow.
See https://github.com/hapijs/qs#parsing-objects for more info on the qs option.
I had this working before but now have updated to newer body parser in which I have tried both
app.use(bodyParser.urlencoded({
extended: false
}));
and
app.use(bodyParser.urlencoded({
extended: true
}));
with no success.
I've got the following form posting
<form action='/testform' method="post">
<input type="text" name="first_name" value="John">
<input type="text" name="last_name" value="Doe">
<input type="text" name="food[name]" value="Lasagna">
<input type="text" name="food[type]" value="Dinner">
<input type="text" name="food[origin]" value="Italy">
<input type="text" name="order[0][quantity]" value="5">
<input type="text" name="order[0][size]" value="small">
<input type="text" name="order[0][status]" value="frozen">
<input type="text" name="order[1][quantity]" value="2">
<input type="text" name="order[1][size]" value="large">
<input type="text" name="order[1][status]" value="cooked">
<input type="hidden" name="_csrf" value="<%- token %>">
<input name="submit" type="submit" value="submit"/>
</form>
with extended:false, looking at req.body I get:
{ first_name: 'John',
last_name: 'Doe',
'food[name]': 'Lasagna',
'food[type]': 'Dinner',
'food[origin]': 'Italy',
'order[0][quantity]': '5',
'order[0][size]': 'small',
'order[0][status]': 'frozen',
'order[1][quantity]': '2',
'order[1][size]': 'large',
'order[1][status]': 'cooked',
_csrf: 'rXgHoLAH-yZJ34JdmcM9Ry2bHCwraxcovMtg',
submit: 'submit' }
or with extended: true
{ first_name: 'John',
last_name: 'Doe',
food: { name: 'Lasagna', type: 'Dinner', origin: 'Italy' },
order: [ { status: 'frozen' }, { status: 'cooked' } ],
_csrf: 'rXgHoLAH-yZJ34JdmcM9Ry2bHCwraxcovMtg',
submit: 'submit' }
What I expect:
{ first_name: 'John',
last_name: 'Doe',
food: { name: 'Lasagna', type: 'Dinner', origin: 'Italy' },
order: [ { quantity: 5, size:'small', status: 'frozen' }, { quantity: 2, size: 'large', status: 'cooked' } ],
_csrf: 'rXgHoLAH-yZJ34JdmcM9Ry2bHCwraxcovMtg',
submit: 'submit' }
Hi
After I upgrade body-parser module from 1.3.x to last version (1.9) this message error occurred
Error: unsupported charset "UTF8"
at urlencodedParser (/mypath/node_modules/body-parser/lib/types/urlencoded.js:76:17)
at Layer.handle [as handle_request] (/mypath/node_modules/express/lib/router/layer.js:76:5)
at trim_prefix (/mypath/node_modules/express/lib/router/index.js:270:13)
at /mypath/node_modules/express/lib/router/index.js:237:9
at Function.proto.process_params (/mypath/node_modules/express/lib/router/index.js:312:12)
at /mypath/node_modules/express/lib/router/index.js:228:12
at Function.match_layer (/mypath/node_modules/express/lib/router/index.js:295:3)
at next (/mypath/node_modules/express/lib/router/index.js:189:10)
at expressInit (/mypath/node_modules/express/lib/middleware/init.js:23:5)
at Layer.handle [as handle_request] (/mypath/node_modules/express/lib/router/layer.js:76:5)
Since today after having done npm update
, using
"body-parser": "^1.3.0",
"express": "^4.4.1",
I get the following warning message at the console
body-parser deprecated bodyParser: use individual json/urlencoded middlewares
urlencoded: explicitly specify "extended: true" for extended parsing
How do I get rid of these ?
Thank you.
For instance, the ability to parse Content-types === 'xxx+json', like application/vnd.api+json
, fi.
Currently bodyParser.json()
only parses Content-types === 'application/json', which is very limited.
Thanks
Related: #13
I have run into an issue with urlencoded sparse arrays and the way the qs module is handling them:
When creating arrays with specific indices, qs will compact a sparse array to only the existing values preserving their order.
Qs.parse('a[1]=b&a[15]=c'); // { a: ['b', 'c'] }
Ideally I would like to be able to pass options to the qs.parse()
call so that I can override the arrayLimit
option. I believe the syntax for doing this could look something like this:
bodyParser.urlencoded({
extended: {
arrayLimit: 0
}
})
The extended
option would still evaluate to "truthy" and would therefore use the qs module for parsing, but it would also allow developers to override the current hardset arrayLimit
option passed to qs.parse()
(along with any other qs specific options).
Hi there,
I'm using express + body-parser in my app and I ran into some very odd issue with deeper keys in a nested object coming out with brackets surrounding the keys, took me a while to figure out what was causing it.
Apparently qs
accepts a depth
option in order to go deeper... is there any support planned for this, or should I write my own qs parser in that case?
Cheers
The "express route-specific" example is not working, specifically req.body
always contains a value so this condition is always false:
if (!req.body) return res.sendStatus(400)
And this is because of this:
return function jsonParser(req, res, next) {
if (req._body) return next()
req.body = req.body || {} // <- A value is set to a blank object even if typeis fails
if (!typeis(req, type)) return next()
Which is here:
Line 81 in df1d88a
So two questions that I have is:
I see that you have arrayLimit set to 100 which you pass onto qs module when the extended parser is being used, but this is not configurable by the end user, neither parameterLimit effects this. Can you expose this? This seems pretty trivial to me.
It's too bad using qs
is the default, but at least we should provide an option to use something else like querystring
that can parse flat to reduce the attack surface of applications. This would let users parse with urlencoded and not have to handle complex values.
In the past, this module used to parse json data no matter the Content-Type header was set or not, but since the inclusion of the type-is module, it has changed and now even if the data sent from the client is in json format, it won't parse it unless the Content-Type header is set to application/json.
Is this the way to use this module from now on or is this something intended to be changed in the future?
Cheers!
Any plan for support of deserializing dates as objects?
In case of marformed json, body-parser passes generic SyntaxError
. I perform error processing in the end of middleware chain, while app.use(bodyParser.json());
is at the beginning. Other middlewares can potentially throw SyntaxError
too. Currently I can not distinguish SyntaxError which comes from body-parser (I wish to respond with 400 Bad Request) and other SyntaxErrors (I respond with 500 Server Error), so I workaround it intercepting and wrapping SyntaxError
just after body-parser, like this:
// Parse JSON requests using body-parser
app.use(bodyParser.json());
// Intercept SyntaxError from body-parser
app.use(function(err, req, res, next) {
if (err && err.name == 'SyntaxError') {
// Wrap error
next(new VError(err, 'Malformed JSON'));
} else {
next(err);
}
});
...other middlewares...
// Handle errors
app.use(function(err, req, res, next) {
if (err) switch (err.name) {
case 'VError':
err = err.cause();
switch (err.name) {
case 'ValidationError':
case 'SyntaxError':
logger.debug(err.stack);
res.json(400, err.errors); // Bad request
break;
}
break;
default:
logger.error(err.stack);
res.send(500);
return;
}
});
Is it possible to add custom error for this scenario? Or maybe I misunderstood something?
Thank you in advance for help!
This module is missing the verify
option from the old connect
middleware, as implemented here: senchalabs/connect@3c5cbc9
Was this intentional, or should I add it back?
senchalabs/connect#1025 -- I put this error there first, but was directed here.
I just found a wierd bug when using bodyParser and form arrays.
I have a form elements with names of
items[1]
items[2]
etc.
When these submit, I get an array from bodyParser that looks like:
{ items: ['on', 'on'] }
rather than:
{ items: { 1: 'on', 2: 'on' } }
If instead I change the form to have names of
items[id_1]
items[id_2]
it works great (except now I need to replace id_)
dougwilson over on the other form brings up a good point against treating it like an array, but honestly just dropping the values on the floor is worse than the possible problem. Making it always an object if the id's are specified seems like the only answer. That way it works the same as PHP does, which makes a lot of sense.
Hi,
This issue seem that belong to the "raw-body" package that "body-parser" uses.
I found a problem that when the content-length header field is not set (in case that i'm using ajax with http verb DELETE by browser doesn't send content-length), and data length is smaller than the limit bytes, the "end" event is never fired so my callback handler is never called. Is there any way for solving this issue, such as setting a timeout?
Thanks.
See https://github.com/expressjs/body-parser/blob/master/lib/types/text.js#L51
Would expect it to read req.body = req.body || ''
instead of req.body = req.body || {}
With this line, req.body will return an object when no body is provided
Hi,
I came up with an error, where client tried to post "javascript", not JSON to the express server.
e.g. body was
{ key: "value" }
This caused express app probably crashed and sent error code 0 back to client.
This affects only json body parser
@dougwilson @jonathanong @andrewrk Hey guys- I hadn't noticed this repo until very recently. We're using Skipper (which currently uses multiparty) in the Sails beta (which is currently on Express 3- we've been waiting to upgrade until after we get everything else out to reduce the number of variables).
Anyways I'm very interested in combining our efforts, whether that's depending on this module, or pulling out shared dependencies, before we upgrade to E4, or after, etc. Would you be down to chat about it this weekend or next week some time?
Hi i'm using v1.3.0 & occasionally get following error :
TypeError: Cannot call method 'getFileName' of undefined
at callSiteLocation (/mnt/applane/dev/node_modules/body-parser/node_modules/depd/index.js:221:23)
at Function.log (/mnt/applane/dev/node_modules/body-parser/node_modules/depd/index.js:166:12)
at deprecate (/mnt/applane/dev/node_modules/body-parser/node_modules/depd/index.js:103:9)
at Function.urlencoded (/mnt/applane/dev/node_modules/body-parser/lib/types/urlencoded.js:41:5)
at bodyParser (/mnt/applane/dev/node_modules/body-parser/index.js:74:29)
at eval (eval at wrapfunction (/mnt/applane/dev/node_modules/body-parser/node_modules/depd/index.js:344:5), :3:11)
at Layer.handle (/mnt/applane/dev/node_modules/ApplaneDB/lib/Http.js:391:13)
at trim_prefix (/mnt/applane/dev/node_modules/express/lib/router/index.js:254:17)
at /mnt/applane/dev/node_modules/express/lib/router/index.js:216:9
at Function.proto.process_params (/mnt/applane/dev/node_modules/express/lib/router/index.js:286:12)
This is an issue to track the move of generic body buffering of a request to another lib.
I am currently running an Express 4.x project with the app using the body-parser module app.use(bodyParser());
Whenever I am trying to access the query parameters vs req.query.param (e.g. req.query.offset) a value of undefined is returned. However when I run req.query() the expected query string is returned offset=0
Is there something I am not adding to my application or am I using req.query incorrectly?
Right now this module does not care what the charset is set to in the request, just blindly assuming it is utf-8. This works fine in general, until someone sends non-utf8 data (mainly to urlencoded) and garbage comes out. I'm not suggesting we support all the charsets and codepages, but at least make it an error to specify a charset we know we don't support.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.