crumb icon indicating copy to clipboard operation
crumb copied to clipboard

Published 20 hours ago verified publisher icon hapijs

PUT / DELETE requests don't do crumb validation

Open hannesvdvreken opened this issue 2 years ago • 0 comments

It's very common in other frameworks to do REST routes as such:

(request: Request, h: ResponseToolkit): symbol => {
  if (request.method === 'post' && request.url.searchParams.has('_method')) {
    const override = request.url.searchParams.get('_method');
    request.setMethod(override);
  }

  return h.continue;
};

These are some example routes:

{
  path: '/articles',
  method: 'POST',
  options: {
    validate: {
      payload: Joi.object({
        name: Joi.string(),
      });
    },
  },
  handler: store,
},
{
  path: '/articles/{slug}',
  method: 'PUT',
  options: {
    validate: {
      payload: Joi.object({
        name: Joi.string(),
      });
    },
  },
  handler: save,
},

POST will succeed, PUT will fail because

errors: {
  "crumb": "\"crumb\" is not allowed"
}

hannesvdvreken avatar Aug 09 '22 11:08 hannesvdvreken