arb / celebrate

A joi validation middleware for Express.
MIT License

Middleware letting objects through, supposed to only allow arrays #175

Closed limelier closed 4 years ago

limelier commented 4 years ago

My joi schema looks like this:

Joi.array()

Here is an example value that is not working as expected:

{}

The issue I am having with celebrate is:

Running Joi.array().validate({}); produces the expected validation error, but sending {} as a request body to the following route still prints {}, even though it should not get through.

router.get(
    '/',
    celebrate({
        body: Joi.array(),
    }),
    async (req, res) => {
        console.log(req.body);
    },
);

What's going on?

arb commented 4 years ago

celebrate doesn't validate req.body for GET requests. While it's technically allowed to have a body in GET requests per the HTTP spec, most people don't use GET that way. I also copied how hapi deals with this and hapi does not validate body on GET requests. The code around this is here.

Can you change your HTTP verb to POST instead?

limelier commented 4 years ago

I see, I wasn't familiar with that. Using the POST verb yields a validation error, as expected.

arb commented 4 years ago

I'll add something to the docs clarifying this.

arb commented 4 years ago

Note added in ea22b24ee98d6bc56b229f1613943dbb4d4104ca
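
The behaviour arb describes, and one way a route owner can close the gap on GET routes, as an added example that is not part of the thread and not celebrate's code. `bodyValidator` is a hypothetical model of the GET skip, `mustBeArray` stands in for `Joi.array()`, and `rejectBodyOnGet` and `run` are names made up for this example.

```javascript
// Added example. Stand-in for a schema check such as Joi.array():
// returns an error message, or null when the value is acceptable.
const mustBeArray = (v) => (Array.isArray(v) ? null : '"body" must be an array');

// Model (an assumption, not celebrate's source) of the behaviour described
// in the thread: the body check is skipped when the method is GET.
function bodyValidator(check) {
  return (req, res, next) => {
    if (req.method.toUpperCase() === 'GET') return next();
    const err = check(req.body);
    return err ? res.status(400).json({ error: err }) : next();
  };
}

// Guard: a GET that announces a body (Content-Length other than 0, or any
// Transfer-Encoding) is refused before the handler can read req.body.
function rejectBodyOnGet(req, res, next) {
  if (req.method.toUpperCase() !== 'GET') return next();
  const length = Number(req.headers['content-length'] || 0);
  const hasBody = !(length === 0) || 'transfer-encoding' in req.headers;
  if (hasBody) return res.status(400).json({ error: 'GET must not carry a body' });
  return next();
}

// Minimal Express-style runner with fake req/res so the example runs offline.
function run(chain, req) {
  const out = { status: 200, error: null, reachedHandler: false };
  const res = {
    status(code) { out.status = code; return res; },
    json(payload) { out.error = payload.error; return res; },
  };
  const steps = [...chain, () => { out.reachedHandler = true; }];
  let i = 0;
  const next = () => steps[i++](req, res, next);
  next();
  return out;
}

// Constructed request matching the report: GET with the JSON body {}.
const reportedGet = { method: 'GET', headers: { 'content-length': '2' }, body: {} };
const validator = bodyValidator(mustBeArray);

console.log(run([validator], reportedGet));                  // reaches the handler
console.log(run([rejectBodyOnGet, validator], reportedGet)); // stopped with 400
```

In a real Express app the guard would be mounted ahead of the route (for example with `router.use`), so a handler on a GET route never reads a `req.body` that no schema has checked.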