Comments (8)
Hi @ImRodry that should be possible already. Does `limit: Infinity` not work?
from body-parser.
Ok, I just tested and `limit: Infinity` works. We will fix so `limit: null` will also work in the 2.x branch as an additional method too, but cannot in the 1.x branch as anyone currently passing in `null` will be at `100kb` and they would suddenly have no limit if they were to do a non-semver-major upgrade and be exposed to DoS. Thank you for reporting and I hope the above helps you at least get a working no-limit in the 1.x as well 👍
from body-parser.
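The compatibility concern in the comment above, as an added example that is not part of the thread and is not body-parser's own code: it models the two readings of `limit` described there (`null` falls back to `100kb` today, versus `null` as an alias for no limit) and runs the same constructed upload through both. All function names are hypothetical, and string limits such as `'1mb'` are not modelled.

```javascript
// Added illustration; a model of the behaviour described in the thread,
// not the library's implementation.
const DEFAULT_LIMIT = 100 * 1024; // the "100kb" default named in the thread

// 1.x behaviour as described: only a number changes the cap, so null and
// undefined both end up at the default; Infinity disables the cap.
function resolveLimitCurrent(limit) {
  return typeof limit === 'number' ? limit : DEFAULT_LIMIT;
}

// Proposed alias: an explicit null also means "no limit".
function resolveLimitWithNullAlias(limit) {
  return limit === null ? Infinity : resolveLimitCurrent(limit);
}

// Constructed upload: yields fixed-size chunks and counts how many the
// server side actually pulled from the stream.
function* constructedUpload(totalChunks, chunkSize, counter) {
  for (let i = 0; i < totalChunks; i++) {
    counter.produced++;
    yield Buffer.alloc(chunkSize, 0x61);
  }
}

// Hypothetical reader: buffers chunks and stops at the first byte past the cap.
function readBody(chunks, limit) {
  let received = 0;
  const kept = [];
  for (const chunk of chunks) {
    received += chunk.length;
    if (received > limit) return { status: 413, buffered: 0 };
    kept.push(chunk);
  }
  return { status: 200, buffered: Buffer.concat(kept).length };
}

// Run the same 10 MiB upload (160 x 64 KiB) under both interpretations.
function compare(userOptions) {
  const run = (resolve) => {
    const counter = { produced: 0 };
    const upload = constructedUpload(160, 64 * 1024, counter);
    const result = readBody(upload, resolve(userOptions.limit));
    return { ...result, chunksRead: counter.produced };
  };
  return { current: run(resolveLimitCurrent), withNullAlias: run(resolveLimitWithNullAlias) };
}

console.log(compare({ limit: null }));
```

With `{ limit: null }` the current reading rejects after two chunks, while the alias reading buffers the whole body, which is the silent change an existing deployment would pick up on a minor upgrade.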
Hello @dougwilson I did find the Infinity workaround but that is not ideal. Adding support for a null limit would not be a breaking change because null is an explicitly empty value, as opposed to undefined which is meant to be ignored. Furthermore users in TS are currently not allowed to set the limit to null. I believe this should be added in a minor version.
from body-parser.
Thank you for your perspective. Unfortunately I cannot do that due to the existing behavior and the change introducing a DoS vector to existing users, even if you believe that they are using it "incorrectly" -- it is not a risk we will expose our users to without a major version increase.
As for typescript definitions, I believe you would need to open an issue on the definitely typed project, as that is where the definitions are maintained.
from body-parser.
Ah I forgot express doesn't export its own types (it really should)
I don't really understand why this has to be under a major version bump since that is not a valid use case. Why would anyone explicitly pass the limit as null when they want to use the default? Wouldn't they just be better off not passing it at all, or doing so as undefined if they need to for some bizarre reason? This should not be considered a breaking change under semver.
Also seeing as the issue for 2.0 was created in 2014, is there a set date or estimation for when it will be released or will we have to wait another 10 years?
from body-parser.
> Ah I forgot express doesn't export its own types (it really should)
There is a meta issue for this, but the project does not have any members who are here to maintain TypeScript definitions or have knowledge of it. Until we do, the definitely typed project maintains them for us.
> I don't really understand why this has to be under a major version bump since that is not a valid use case. Why would anyone explicitly pass the limit as null when they want to use the default? Wouldn't they just be better off not passing it at all, or doing so as undefined if they need to for some bizarre reason? This should not be considered a breaking change under semver.
I cannot answer why folks do strange things. It is a consequence of having a HUGE user base. We have been burned many, many times for attempting to release these types of fixes in a non-major and just have to roll them back almost every time. This one would actually cause a security issue, so we definitely take the conservative line.
> Also seeing as the issue for 2.0 was created in 2014, is there a set date or estimation for when it will be released or will we have to wait another 10 years?
I mean, a new 2.0 was just released a few days ago... it is actively being pushed through the pipes for testing to be released and it's stale at all.
I'm sorry you don't like that our API is `limit: Infinity` in the 1.x version and I tried to accommodate your request by adding a mark to add `limit: null` as an alias. Sometimes a project doesn't always have the exact API you think it should have, and I provided a plan that would actually add what you requested.
from body-parser.
I had no idea 2.0 versions were being pushed but like I said I don't use this library directly, I use express which imports it, so it wouldn't be practical to install a version other than the one express ships with. Either way the first beta was published more than a year ago, which is why I asked when it was gonna be fully released, and most importantly when it will be added to express.
As a sidenote about the TS definitions you can always have the community help you for things like this, just like you are doing right now, just in a different repo. TS definitions really aren't hard and you already have some basis to work off of, so it shouldn't be too hard
from body-parser.
Either way I am using the Infinity limit at the moment, it just didn't seem intentional that that works and I'd rather use null, but I understand your motives
from body-parser.