Bug: Content Length set incorrectly for GET requests #359

Open
austince opened this issue Aug 2, 2018 · 6 comments

austince commented Aug 2, 2018

The content length is set to 2, even though there is no body. I've tracked this down to the proxy.bodyContent being set to an empty object, which is then translated to "{}". This makes the requests invalid according to the HTTP spec, or so I'm told by a large company that has started rejecting these requests as malformed.

austince commented Aug 3, 2018

Fixed this by setting the parseBody option to false, though I still believe that it should be either:
a) enforced by default
b) empty bodies should be translated to "" instead of {}
c) GET requests should automatically override this to ""

monkpow self-assigned this Aug 6, 2018
monkpow added the bug label Aug 6, 2018

monkpow commented Aug 6, 2018

Thanks for this report, I'll look into it.

brumar added a commit to brumar/express-http-proxy that referenced this issue Nov 5, 2018

webberig commented Dec 1, 2018

I started encountering the same problem as soon as I deployed the backend service to Google App Engine. The proxy works fine when everything is running locally on my machine, but requests to the Google cloud platform started returning 400 Bad request errors.

@chalcedonyt

Thanks for fixing this @brumar

fs-projects commented Jun 16, 2022

Hello Everyone,

I am able to reproduce this issue in express-http-proxy version 1.6.3. My GET requests are blocked by my client due to this exact same issue. This is the exact reason they shared with me, stating that the content-length header has the value 2 in all your GET requests, which is not the right practice and could be malicious.

For now I have used the workaround shared above, with the only difference being that in my case the variable is parseReqBody instead of parseBody.

Can someone please tell me if this bug was ever fixed? Or has it resurfaced again?

rogeriochaves commented Nov 10, 2022

@fs-projects yeah, can confirm. I downgraded to 1.6.2 and it was also not fixed there. I've even tried the PR linked above, but no success. I think it was never fixed.
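
The behaviour reported in this thread, next to options (b) and (c) from austince's second comment, as an added example that is not part of the thread or of express-http-proxy's code. All function names are hypothetical and only Node built-ins are used.

```javascript
// Added illustration; NOT express-http-proxy source. All names are hypothetical.
const BODYLESS_METHODS = new Set(['GET', 'HEAD']);

// Behaviour described in the issue: an empty parsed body ({}) is serialized
// to the string "{}", so the proxied request is sent with Content-Length: 2.
function naiveOutboundBody(parsedBody) {
  return JSON.stringify(parsedBody);
}

function isEmptyBody(body) {
  if (body === undefined || body === null) return true;
  if (typeof body === 'string' || Buffer.isBuffer(body)) return body.length === 0;
  return typeof body === 'object' && Object.keys(body).length === 0;
}

// Option (b): empty bodies become "" instead of "{}".
// Option (c): GET (and HEAD) always go out without a body. Trade-off: a real
// body on a GET request would be dropped by this rule.
function safeOutboundBody(method, parsedBody) {
  if (BODYLESS_METHODS.has(String(method).toUpperCase())) return '';
  if (isEmptyBody(parsedBody)) return '';
  if (typeof parsedBody === 'string' || Buffer.isBuffer(parsedBody)) return parsedBody;
  return JSON.stringify(parsedBody);
}

// Recompute Content-Length from the bytes actually sent, and omit the header
// entirely when there is no body, whatever the inbound request carried.
function outboundHeaders(body, inboundHeaders = {}) {
  const out = {};
  for (const [name, value] of Object.entries(inboundHeaders)) {
    if (name.toLowerCase() !== 'content-length') out[name] = value;
  }
  const length = Buffer.byteLength(body);
  if (length > 0) out['content-length'] = String(length);
  return out;
}

// Regression check for a test suite: true when a GET/HEAD request would leave
// the proxy announcing a non-empty body, which is what upstreams rejected.
function announcesBodyOnBodylessMethod(method, headers) {
  const entry = Object.entries(headers)
    .find(([name]) => name.toLowerCase() === 'content-length');
  return BODYLESS_METHODS.has(String(method).toUpperCase()) &&
    entry !== undefined && Number(entry[1]) > 0;
}
```
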
