http: WARN if GET request has non-empty body

Give the user a hint that they might be doing something wrong if their GET
request has a non-empty body, which can easily happen using curl's
--data-urlencode if specifying request type via "--request GET" rather than
"--get". See https://github.com/hashicorp/consul/issues/11471.
This commit is contained in:
Jared Kirschner 2021-12-13 09:02:58 -08:00
parent 033e0ed13f
commit 13712de2e7
2 changed files with 14 additions and 0 deletions

3
.changelog/11821.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:improvement
http: if a GET request has a non-empty body, log a warning that suggests a possible problem (parameters were meant for the query string, but accidentally placed in the body)
```

View File

@ -543,6 +543,17 @@ func (s *HTTPHandlers) wrap(handler endpoint, methods []string) http.HandlerFunc
} else { } else {
err = s.checkWriteAccess(req) err = s.checkWriteAccess(req)
// Give the user a hint that they might be doing something wrong if they issue a GET request
// with a non-empty body (e.g., parameters placed in body rather than query string).
if req.Method == http.MethodGet {
if req.ContentLength > 0 {
httpLogger.Warn("GET request has a non-empty body that will be ignored; "+
"check whether parameters meant for the query string were accidentally placed in the body",
"url", logURL,
"from", req.RemoteAddr)
}
}
if err == nil { if err == nil {
// Invoke the handler // Invoke the handler
obj, err = handler(resp, req) obj, err = handler(resp, req)