Closed aacic closed 2 weeks ago
@aacic there is already app.use(bodyParser.json({ limit: '5mb' })) in setAppMiddlewares(). Maybe move that code before the jwt processing? We shouldn't need two middlewares to process json payloads.
and jwt should ideally be in the header as Authorization: Bearer xxxx or X-Auth-Token or domain-based cookie (best), although some legacy usage submits it in the body which is less secure but okay for a few use cases, like a private portal
@siosonel this is fixed.
Description
I moved jwt serverconfig handling below the bodyParser.json handling.
To test:
Add to serverconfig.json:
curl -X POST http://localhost:3000/ -H "Content-Type: application/json" -d '{"jwt":"value"}'
Should get:
{"error":"Invalid token"}
Instead of:
{"error":"json web token missing"}
Checklist
Check each task that has been performed or verified to be not applicable.
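The ordering issue discussed in this PR, as an added example that is not the project's code: a dependency-free stand-in for an Express-style middleware chain, showing why a token submitted in the JSON body is invisible to a jwt check that runs before the JSON parser. The names jsonBody, findToken, jwtGate and run, the 401 status codes and the sample token are assumptions made for the demo; the two error strings are the ones quoted in the description.

```javascript
// Constructed demo, not the project's code. Cookie lookup is omitted for brevity.

// Stand-in for bodyParser.json(): fills req.body from the raw payload.
function jsonBody(req, res, next) {
  if (req.headers['content-type'] === 'application/json') {
    try { req.body = JSON.parse(req.raw); }
    catch (e) { return res.send(400, { error: 'invalid json' }); }
  }
  next();
}

// Token lookup: headers first, request body as the legacy fallback.
function findToken(req) {
  const auth = req.headers['authorization'] || '';
  if (auth.startsWith('Bearer ')) return auth.slice(7);
  if (req.headers['x-auth-token']) return req.headers['x-auth-token'];
  return req.body && req.body.jwt; // undefined unless the JSON parser already ran
}

// Stand-in for the jwt check; real code would verify a signature here.
function jwtGate(req, res, next) {
  const token = findToken(req);
  if (!token) return res.send(401, { error: 'json web token missing' });
  if (token !== 'constructed-valid-token') return res.send(401, { error: 'Invalid token' });
  next();
}

// Run the middlewares in order and return the response that was sent.
function run(chain, req) {
  let out = null;
  const res = { send: (status, body) => { out = { status, body }; } };
  const step = i => (i < chain.length ? chain[i](req, res, () => step(i + 1))
                                      : res.send(200, { ok: true }));
  step(0);
  return out;
}

// Same request as the curl test in the description (constructed input).
const post = () => ({ headers: { 'content-type': 'application/json' }, raw: '{"jwt":"value"}' });
const before = run([jwtGate, jsonBody], post()); // old order: body not parsed yet
const after = run([jsonBody, jwtGate], post());  // fixed order: token found, then rejected
console.log(before.body.error, '|', after.body.error);
```

A token sent in the Authorization or X-Auth-Token header is found in either order, which is one more reason the header is the preferred transport.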