hapijs / hapi

The Simple, Secure Framework Developers Trust
https://hapi.dev

[multipart/form-data] Payload is parsed incorrectly #4462

Open tomdangpropine opened 1 year ago

tomdangpropine commented 1 year ago

Context

How can we help?

I'm working with multipart/form-data on hapi (version 20.3.0); the request payload is not parsed correctly for arrays and nested objects. Here is the request payload that I got

Screenshot 2023-10-03 at 12 40 27

My route

server.route({
    method: 'POST',
    path: '/onboarding/{draft_id}',
    options: {
      handler: controller.create.bind(controller),
      validate: {
        // payload: createValidator,
        failAction: (_, __, err) => badRequest(err.message),
      },
      payload: {
        allow: 'multipart/form-data',
        maxBytes: 20 * 1000 * 1000, // max payload to be 20MB in size.
        multipart: {
          output: 'data',
        },
        parse: true,
      },
      tags: [
        'create-onboarding',
        'onboarding',
      ],
      description: 'Create Onboarding',
    },
});

kanongil commented 1 year ago

This needs more context to properly diagnose, but it seems like you expect one or more part names to be parsed as a query param field? Hapi does not support this, and you will need to rework your request, or maybe add an onPostAuth hook to transform from this manually.

How did you source this form input?

tomdangpropine commented 1 year ago

@kanongil thanks for your quick response. I sent a form-data request and expected to have a nested object and array in request.payload. For example, I sent the request below

Screenshot 2023-10-03 at 14 54 57

I expect the request.payload to look like a nested object

{
  authorisation_proof: {
    file: ...,
    type: ....
  }
}

But it's not; it's a flat object like this

{
  "authorisation_proof[file]": ...,
  "authorisation_proof[type]": ...
}

Let me try transforming with the onPostAuth hook, but I think this transformation used to be available in the previous versions.

kanongil commented 1 year ago

I'm not aware of any standards that would expect hapi to parse form-data names as query string object keys, as you seem to suggest. I would strongly suggest that you change your approach, if possible, as this kind of parsing is prone to creating security issues, as seen in the related qs module.
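
If the manual onPostAuth transform from the earlier comment is the only option, the following is an added example (not hapi or qs project code) of rebuilding the nested payload from bracketed part names while closing the holes that made qs-style parsing risky: prototype keys are rejected, nesting depth and array indices are bounded, and malformed names fail the request instead of being guessed at. The `server.ext` wiring in the trailing comment assumes the standard hapi extension signature and that `request.payload` may be reassigned there.

```javascript
// Added example, not hapi project code: rebuild the nested payload the
// reporter expected from bracketed part names ("authorisation_proof[file]",
// "tags[0]") with the guards a qs-style parser needs: prototype keys rejected,
// depth and array indices bounded, malformed names rejected outright.
const MAX_DEPTH = 5;         // deepest allowed name: a[b][c][d][e]
const MAX_ARRAY_INDEX = 100; // "items[99999]" must not allocate a huge array
const FORBIDDEN = new Set(['__proto__', 'constructor', 'prototype']);
const INDEX = /^\d+$/;

// "a[b][0]" -> ["a", "b", "0"]; null for anything that is not well-formed
// (unbalanced brackets, empty "[]" segments, a leading bracket).
function splitName(name) {
  const m = /^([^\[\]]+)((?:\[[^\[\]]+\])*)$/.exec(name);
  if (!m) return null;
  const parts = [m[1]];
  for (const seg of m[2].matchAll(/\[([^\[\]]+)\]/g)) parts.push(seg[1]);
  return parts;
}

// flat: the object hapi produces, e.g. { "a[b]": "x" }. Throws on unsafe
// names; the caller decides how to turn that into an error response.
function nestFormFields(flat) {
  const out = {};
  for (const [name, value] of Object.entries(flat)) {
    const path = splitName(name);
    if (!path || path.length > MAX_DEPTH || path.some((k) => FORBIDDEN.has(k))) {
      throw new Error(`rejected multipart field name: ${name}`);
    }
    let node = out;
    for (let i = 0; i < path.length; i++) {
      const key = path[i];
      if (Array.isArray(node) && !(INDEX.test(key) && Number(key) <= MAX_ARRAY_INDEX)) {
        throw new Error(`rejected array index in field name: ${name}`);
      }
      if (i === path.length - 1) { node[key] = value; break; }
      // Create the container on first sight; a numeric next segment means array.
      if (!Object.prototype.hasOwnProperty.call(node, key) ||
          node[key] === null || typeof node[key] !== 'object') {
        node[key] = INDEX.test(path[i + 1]) ? [] : {};
      }
      node = node[key];
    }
  }
  return out;
}

// Wiring into hapi (assumed shape, not exercised here): run the transform in
// the onPostAuth extension suggested above, before validation and the handler.
// server.ext('onPostAuth', (request, h) => {
//   if (request.mime === 'multipart/form-data' && request.payload) {
//     request.payload = nestFormFields(request.payload);
//   }
//   return h.continue;
// });
```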

devinivy commented 1 year ago

hapi used to use the qs module for parsing complex field names like that, but it was discontinued back in v12. I believe the upgrade path in the release notes from back then is still fairly accurate: https://github.com/hapijs/hapi/issues/2985