unauthorized users send multipart/data to server event after being rejected with 401 error

Question

Im using Busboy with Express and Passport-JWT to upload file from my client , when the client is authorized with a valid JWT token everything works fine , but in cases that client is not authorized although error code 401 is sent to client but when i intercept incomming traffic to associated port in my ubuntu server(TCPDump) i see a load is getting in from that port . although all the listeners for uploading that file is inside /uploads route and its not clear where is the uploaded data is heading

Router.post("/",
passport.authenticate('jwt',{session:false}),
(req,res)=>{
  try{
      const busboy = createBusboy(req); 
      busboy.on("uploadFinished",(uploadedFiles:any)=>{
        res.json(JSON.parse(uploadedFiles))
      })
      busboy.on("error",(err:any)=>{
        console.log(err)
      })
      req.pipe(busboy);
  }catch(e){
    res.json({e})
  }
})

score 0 · Answer 1 · answered Oct 03 '20 at 09:39

For those who might come across this issue i found the root , after sending 401 error respond to client the connection was still open and the rest of multipart/data content were streaming towards server so i could intercept it . the fix is to write a "connection:close" to your respond header .

unauthorized users send multipart/data to server event after being rejected with 401 error

1 Answers1