(new feature) The ngx_postgres module do not discard request body anymore. The request body is captured and can be used in requests.
The request body is processed to escape string literals before substitution.
Description
Now nginx will read the entire request body in the content step if the postgres_query directive was used. '$request_body' variable can now be used in sql query string.
The variable request_body cannot be processed by the postgres_escape directive during the rewrite phase. Therefore, for security reasons, the request_body value that is used in postgres_query is always processing to escape string literals during the content phase without the need for postgres_escape.
This behavior can be disabled by directive postgres_escape_request_body off.
Added tests to check behavior when using the request body. Added a configuration sample in the readme.
Changes for supporting current versions of nginx (fixes #57) included.
This PR makes the following changes
Description
Now nginx will read the entire request body in the content step if the
postgres_querydirective was used. '$request_body' variable can now be used in sql query string.The variable
request_bodycannot be processed by thepostgres_escapedirective during the rewrite phase. Therefore, for security reasons, therequest_bodyvalue that is used inpostgres_queryis always processing to escape string literals during the content phase without the need forpostgres_escape.This behavior can be disabled by directive
postgres_escape_request_body off.Added tests to check behavior when using the request body. Added a configuration sample in the readme.
Changes for supporting current versions of nginx (fixes #57) included.