I am working on a Backbone application that communicates with an express.js server. I'm thinking about securing the express.js server. Does it make sense to create a middleware that checks that any data sent to the server is in JSON form (so no multipart form)? I doubt it provides any added security but could help return better error codes.
1 Answer
1
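It could work as a first line of filtering and is fairly simple. Just check the content type header and either reject or call next().

```javascript
module.exports = function() {
  return function(req, res, next) {
    // req.get() returns undefined when the header is absent; default to ''
    // so a request without Content-Type is rejected instead of throwing.
    var contentType = req.get('Content-Type') || '';
    if (contentType.match(/application\/json/i) === null) { // no match
      // res.end() does not take a status code; set it with res.status()
      return res.status(406).send("Content type not accepted");
    }
    next(); // content type ok, move on to next middleware
  };
};
```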

Morgan ARR Allen
Something simpler can maybe be `req.is('json')` – Xerri Jul 25 '13 at 10:13
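A stricter variant of the check discussed above, as an added example that is not part of the original answer or comment. It compares the exact media type instead of searching for a substring, only gates requests that declare a body, and answers with 415 (Unsupported Media Type) rather than the answer's 406; the names `requireJson`, `mediaType`, `hasBody` and `simulate` are hypothetical, and the request/response objects in `simulate` are constructed mocks so the block runs without Express installed.

```javascript
// Bare media type: parameters such as "; charset=utf-8" stripped, lower-cased.
function mediaType(header) {
  if (typeof header !== 'string') return '';
  return header.split(';')[0].trim().toLowerCase();
}

// A request declares a body via Transfer-Encoding or a positive Content-Length.
function hasBody(headers) {
  return 'transfer-encoding' in headers || Number(headers['content-length']) > 0;
}

// Middleware factory; uses only Node's http API, which Express req/res extend.
function requireJson() {
  return function (req, res, next) {
    if (!hasBody(req.headers)) return next(); // nothing to validate
    if (mediaType(req.headers['content-type']) === 'application/json') {
      return next(); // exact match only, not "contains application/json"
    }
    res.statusCode = 415;
    res.setHeader('Content-Type', 'application/json');
    res.end(JSON.stringify({ error: 'Content-Type must be application/json' }));
  };
}

// Constructed mock req/res to exercise the middleware offline.
// Returns 'next' when the request passes, otherwise the status code sent.
function simulate(headers) {
  const req = { headers };
  const res = { statusCode: 200, setHeader() {}, end(body) { this.body = body; } };
  let passed = false;
  requireJson()(req, res, () => { passed = true; });
  return passed ? 'next' : res.statusCode;
}

// Constructed sample requests (header names lower-cased, as Node delivers them).
console.log(simulate({ 'content-type': 'application/json; charset=utf-8', 'content-length': '17' }));
console.log(simulate({ 'content-type': 'multipart/form-data; boundary=application/json', 'content-length': '120' }));
console.log(simulate({ 'content-length': '17' })); // body without Content-Type
console.log(simulate({}));                         // no body, e.g. a plain GET
```

In an Express app this would be registered with `app.use(requireJson())` ahead of the body parser, so non-JSON bodies are refused before any parsing happens.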