hapijs / crumb

CSRF crumb generation and validation for hapi

Should err when trying to parse from a buffer #21

Closed rockbot closed 9 years ago

rockbot commented 10 years ago

Turns out a problem I was having with crumb (it's now fixed - yay!) was that I had the following route:

  facet.route({
    path: "/star",
    method: "POST",
    config: {
      handler: require('./show-star'),
      payload: { parse: false },
      plugins: {
        crumb: {
          source: 'payload',
          restful: true
        }
      }
    }
  });

Note the `payload: { parse: false }` - the payload came through the route as a buffered stream instead of an object, which would cause `content[request.route.plugins._crumb.key]` to be undefined, and thus render https://github.com/hapijs/crumb/blob/master/lib/index.js#L88 as true. (As a result, I kept getting a 403 on the route.)

Instead, crumb should notify the user that the stream is a buffer with an error indicating such, so that the user can make sure the payload is a nice pretty object instead ;-)

stongo commented 9 years ago

Returning a specific error message to a user as suggested does not follow security best practices; an error like this would give a "hint" to potential attackers. IMHO, marking this as "will not fix".

lock[bot] commented 4 years ago

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.