Comments (4)
Yes, hapi does handle the Expect: 100-continue
header.
Hapi will automatically send HTTP/1.1 100 Continue
after the onPreAuth
hook has been called and the non-payload auth has succeeded. An error from either stage should prevent it from being sent.
Does that work for you?
from hapi.
Thank you for your response.
I understand that the onPreAuth
hook is triggered, but the control I am looking to implement is a bit more specific. I would like to reject the request body only when both of the following conditions are met:
- The
Expect: 100-continue
header is present in the request headers. - The
Content-Length
header value is below a certain threshold.
Is there a way to check for the presence of the Expect: 100-continue
header within an event or hook, but only under the above conditions?
from hapi.
Yes, I suggest you add your logic to an onPreAuth
hook. If you want to do it at the route level, you can do something like this (not tested):
server.route({
…,
options: {
ext: {
onPreAuth: {
method(request, h) {
if (request.headers.expect === '100-continue' &&
request.headers['content-length'] &&
parseInt(request.headers['content-length']) < threshold) {
throw new Boom.badRequest();
}
}
}
}
}
Hapi doesn't have a public signal that there is continue pending, so I checked the header manually. Though it is probably safer to just use the internal request._expectContinue
property.
from hapi.
Thank you very much.
I think I will be able to implement it successfully thanks to your advice.
from hapi.
Related Issues (20)
- Node sockets timeout after 2 minutes by default HOT 1
- Application errors are not logging, only generating Boom "Internal Server Error" logs HOT 2
- Open-source latest v16 HOT 1
- Cannot bind to Fully qualified domain name (FQDN) HOT 2
- Why does the credentials CORS options accept only false? HOT 4
- [TS] Defining the handler and the return type HOT 2
- Need help in migrating Hapi application to v20.0.1 HOT 1
- Cookie Partition support
- No response when payload is large HOT 2
- Support lambda direct requests over HTTPS HOT 1
- Catbox catbox-memory throws an error but it is not handled properly HOT 1
- Request object does not have query object populated HOT 1
- Build issues HOT 3
- HTTP_METHODS_PARTIAL_LOWERCASE is missing `head` HOT 1
- hapi jwt package not able to recognize comma separated cookie as JWT HOT 3
- Nextjs is not supported as a server HOT 2
- multipart validation doesn't comply with new fetch api HOT 1
- Missing maxParts type in route.d.ts
- using @hapi/cookie, server.auth.strategy setting invalid. Validate function can't be called;
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from hapi.