dvwright / xss-mw

XssMw is a middleware designed to "auto remove XSS" from user-submitted input. It is written in Go and targets the Gin web framework.
MIT License

Remove test for multi-part form request #10

Open ghost opened 4 years ago

ghost commented 4 years ago

Hello!

In the line of code referenced you ask if that section of code is needed. I would say no.

https://github.com/dvwright/xss-mw/blob/7a0dab86d8f63202fbeb1023838a538132de1102/xss.go#L376

I am supporting a legacy application which sends data using a multi-part form. When it finishes sending, it sends a final request without any data, just form fields. I don't have access to the source, but I assume it's done in some sort of loop and when it runs out of data to send, it sends a field to indicate that no more data is coming but doesn't change the way it formats the request. This causes the application to fail as it doesn't get the response it expects.

So, I would say that it should be removed, or at least a flag to enable ignoring empty multi-part data.

Thanks!
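The request shape described in this issue (a multipart form that carries only fields and no file data) can be sanitized and passed through instead of being rejected. The sketch below is an added example, not xss-mw's code; the page does not show what `xss.go` line 376 does. The function names `buildFieldOnlyBody` and `sanitizeMultipart` are hypothetical, the sample body is constructed, and `html.EscapeString` stands in for whatever sanitizer the middleware applies.

```go
package main

import (
	"bytes"
	"fmt"
	"html"
	"io"
	"mime/multipart"
)

// buildFieldOnlyBody builds a constructed multipart body with fields but no file part.
func buildFieldOnlyBody(fields map[string]string) ([]byte, string) {
	var buf bytes.Buffer
	w := multipart.NewWriter(&buf)
	for k, v := range fields {
		_ = w.WriteField(k, v) // writes to a bytes.Buffer cannot fail
	}
	_ = w.Close()
	return buf.Bytes(), w.Boundary()
}

// sanitizeMultipart escapes every text field and counts file parts; zero files is valid.
func sanitizeMultipart(body []byte, boundary string) (map[string]string, int, error) {
	clean, files := map[string]string{}, 0
	r := multipart.NewReader(bytes.NewReader(body), boundary)
	for {
		p, err := r.NextPart()
		if err == io.EOF {
			return clean, files, nil
		} else if err != nil {
			return nil, 0, err
		}
		if p.FileName() != "" {
			files++ // file content is left untouched in this sketch
			continue
		}
		raw, err := io.ReadAll(p)
		if err != nil {
			return nil, 0, err
		}
		// html.EscapeString is a stand-in for the real sanitizer (assumption).
		clean[p.FormName()] = html.EscapeString(string(raw))
	}
}

func main() {
	body, boundary := buildFieldOnlyBody(map[string]string{"done": "1", "note": "<b>x</b>"})
	fmt.Println(sanitizeMultipart(body, boundary))
}
```

The field values are still escaped even though no file part is present, so accepting the field-only request does not skip sanitization.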