http: WARN if GET request has non-empty body
Give the user a hint that they might be doing something wrong if their GET request has a non-empty body, which can easily happen using curl's --data-urlencode if specifying request type via "--request GET" rather than "--get". See https://github.com/hashicorp/consul/issues/11471.
This commit is contained in:
parent
033e0ed13f
commit
13712de2e7
|
@ -0,0 +1,3 @@
|
||||||
|
```release-note:improvement
|
||||||
|
http: if a GET request has a non-empty body, log a warning that suggests a possible problem (parameters were meant for the query string, but accidentally placed in the body)
|
||||||
|
```
|
|
@ -543,6 +543,17 @@ func (s *HTTPHandlers) wrap(handler endpoint, methods []string) http.HandlerFunc
|
||||||
} else {
|
} else {
|
||||||
err = s.checkWriteAccess(req)
|
err = s.checkWriteAccess(req)
|
||||||
|
|
||||||
|
// Give the user a hint that they might be doing something wrong if they issue a GET request
|
||||||
|
// with a non-empty body (e.g., parameters placed in body rather than query string).
|
||||||
|
if req.Method == http.MethodGet {
|
||||||
|
if req.ContentLength > 0 {
|
||||||
|
httpLogger.Warn("GET request has a non-empty body that will be ignored; "+
|
||||||
|
"check whether parameters meant for the query string were accidentally placed in the body",
|
||||||
|
"url", logURL,
|
||||||
|
"from", req.RemoteAddr)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if err == nil {
|
if err == nil {
|
||||||
// Invoke the handler
|
// Invoke the handler
|
||||||
obj, err = handler(resp, req)
|
obj, err = handler(resp, req)
|
||||||
|
|
Loading…
Reference in New Issue