Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: warn when json validator does not find a content type in the request #3707

Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

feat: warn when json validator does not find a content type in the request #3707

wants to merge 3 commits into from
+6 −0

Conversation

Soviut
Copy link

@Soviut Soviut commented Nov 28, 2024
edited
Loading

When a validator has a target 'json' it will now warn if a request is missing a Content-Type: application/json header.

Closes honojs/middleware#841

Added some docs too honojs/website#540

The author should do the following, if applicable

  • Add tests
  • Run tests
  • bun run format:fix && bun run lint:fix to format the code
  • Add TSDoc/JSDoc to document the code

@Soviut Soviut changed the title warn when json validator does not find a content type in the request feat: warn when json validator does not find a content type in the request Nov 28, 2024
This was referenced Nov 28, 2024
Merged
Open
@yusukebe
Copy link
Member

Thanks! I'll check it later.

Soviut added a commit to Soviut/website that referenced this pull request Nov 30, 2024
@Soviut
fixed a few typos
d635a2f 
- Fixed a code typo that said `.get` instead of `.post`
- Updated wording about "warning" in anticipation of honojs/hono#3707
- Reworded code block descriptors
@Soviut Soviut mentioned this pull request Nov 30, 2024
Merged
yusukebe pushed a commit to honojs/website that referenced this pull request Dec 2, 2024
@Soviut
fixed a few typos (#541)
e406b68 
- Fixed a code typo that said `.get` instead of `.post`
- Updated wording about "warning" in anticipation of honojs/hono#3707
- Reworded code block descriptors
@codecov Codecov
Copy link

codecov bot commented Dec 2, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 91.70%. Comparing base (190e122) to head (d83827f).
Report is 2 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #3707   +/-   ##
=======================================
  Coverage   91.70%   91.70%           
=======================================
  Files         159      159           
  Lines       10158    10164    +6     
  Branches     2855     2870   +15     
=======================================
+ Hits         9315     9321    +6     
  Misses        842      842           
  Partials        1        1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@yusukebe
Copy link
Member

yusukebe commented Dec 2, 2024

Hi @Soviut

Thank you for the PR!

Do you think that we should show a similar message for form?

https://github.com/honojs/hono/pull/3707/files#diff-e3ae0a2a0f7c0f9209a9627ba4da7f499f23e1873275b8d0c0f028e77d9cdee4R87-R93

@Soviut
Copy link
Author

Soviut commented Dec 2, 2024
edited
Loading

@yusukebe Yes, let's do that. I've updated the PR to warn if the target is form but content-type header is missing either multipart/form-data or application/x-www-url-encoded

@EdamAme-x
Copy link
Contributor

EdamAme-x commented Dec 3, 2024
edited
Loading

I think that this may be an option.

Because a threat actor's malicious request could cause a warning to be logged to the console in a production environment.

@Soviut
Copy link
Author

Soviut commented Dec 3, 2024

Because a threat actor's malicious request could cause a warning to be logged to the console in a production environment.

What is the concern with that? Wouldn't that help identify threat actors more easily if lots of warnings start showing up in logs?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

zod-validator should show a more useful error when JSON body is missing content-type header
3 participants
@Soviut @yusukebe @EdamAme-x