New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

检查请求中未定义的字段 #1

Open

gwind opened this issue Apr 17, 2019 · 0 comments

Labels

Contributor

gwind commented Apr 17, 2019

示例，如果多了一个未定义的 abc 字段，下面请求也能通过：

curl -X POST {URL} \
  -H 'Content-Type: application/json' \
  -d '{
	"abc": 123,
	"username": "ooclab",
	"password": "aaaaaa"
}'

除了风险之外，也带来了额外工作量，比如 BFF 层仅仅将 request body 转发到后端，是不能带未知字段的，就需要编码限制。

The text was updated successfully, but these errors were encountered:

gwind added the help wanted label

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment