Skip to content
This repository has been archived by the owner on May 3, 2024. It is now read-only.

Commit

Permalink
feat(ssrServer): enable urlencoded post data (#313)
Browse files Browse the repository at this point in the history
  • Loading branch information
sumanramagoni authored Oct 13, 2020
1 parent b6ad3f3 commit 3481dc0
Show file tree
Hide file tree
Showing 4 changed files with 58 additions and 3 deletions.
21 changes: 21 additions & 0 deletions __tests__/integration/one-app.spec.js
Original file line number Diff line number Diff line change
Expand Up @@ -1300,6 +1300,27 @@ describe('Tests that can run against either local Docker setup or remote One App
sendingData: 'in POSTs',
});
});
test('app passes urlencoded POST data to modules via vitruvius', async () => {
const response = await fetch(
`${appInstanceUrls.fetchUrl}/vitruvius`,
{
...defaultFetchOpts,
method: 'POST',
headers: {
'content-type': 'application/x-www-form-urlencoded',
},
body: 'legacy=application&sendingData=in POSTs',
}
);

const pageHtml = await response.text();
const data = JSON.parse(pageHtml.match(/<pre>([^<]+)<\/pre>/)[1].replace(/&quot;/g, '"'));
expect(data).toHaveProperty('req.body');
expect(data.req.body).toEqual({
legacy: 'application',
sendingData: 'in POSTs',
});
});

describe('routing', () => {
test('IndexRedirect redirects', async () => {
Expand Down
27 changes: 25 additions & 2 deletions __tests__/server/ssrServer.spec.js
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,10 @@
import request from 'supertest';

jest.mock('express');
jest.mock('body-parser', () => ({ json: jest.fn(() => (req, res, next) => next()) }));
jest.mock('body-parser', () => ({
json: jest.fn(() => (req, res, next) => next()),
urlencoded: jest.fn(() => (req, res, next) => next()),
}));
jest.mock('../../src/server/middleware/clientErrorLogger');
jest.mock('../../src/server/middleware/setAppVersionHeader');
jest.mock('../../src/server/middleware/addSecurityHeaders');
Expand Down Expand Up @@ -109,13 +112,14 @@ describe('ssrServer', () => {
let addFrameOptionsHeader;
let addCacheHeaders;
let json;
let urlencoded;
let forwardedHeaderParser;
let serviceWorker;
let webManifest;
let offline;

function loadServer() {
({ json } = require('body-parser'));
({ json, urlencoded } = require('body-parser'));
clientErrorLogger = require('../../src/server/middleware/clientErrorLogger').default;
setAppVersionHeader = require('../../src/server/middleware/setAppVersionHeader').default;
addSecurityHeaders = require('../../src/server/middleware/addSecurityHeaders').default;
Expand Down Expand Up @@ -424,6 +428,25 @@ describe('ssrServer', () => {
done();
});
});
it('should configure urlencoded parsing with a maximum limit for render post pre-flight options calls', (done) => {
request(loadServer())
.options('/route')
.end(() => {
expect(urlencoded).toBeCalled();
expect(json.mock.calls[1][0]).toHaveProperty('limit', '0kb');
done();
});
});

it('should configure json urlencoded with a maximum limit for render post calls', (done) => {
request(loadServer())
.post('/route')
.end(() => {
expect(urlencoded).toBeCalled();
expect(json.mock.calls[2][0]).toHaveProperty('limit', '15kb');
done();
});
});

describe('cors for render post calls', () => {
it('pre-flight OPTIONS should not respond with CORS headers', (done) => {
Expand Down
9 changes: 9 additions & 0 deletions docs/recipes/Making-An-Api-Call.md
Original file line number Diff line number Diff line change
Expand Up @@ -6,4 +6,13 @@

Recipe is forthcoming.

## POST
To enable post set [`ONE_ENABLE_POST_TO_MODULE_ROUTES`](../api/server/Environment-Variables.md#ONE_ENABLE_POST_TO_MODULE_ROUTES) environment variable.
Request body must be either a JSON object or FormData of less than 15KB in size and is passed as props to your module.

Supported media types:
- `application/json`
- `application/x-www-form-urlencoded`


[☝️ Return To Top](#Making-An-Api-Call)
4 changes: 3 additions & 1 deletion src/server/ssrServer.js
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ import path from 'path';
import express from 'express';
import compression from 'compression';
import cookieParser from 'cookie-parser';
import { json } from 'body-parser';
import { json, urlencoded } from 'body-parser';
import helmet from 'helmet';
import cors from 'cors';

Expand Down Expand Up @@ -96,13 +96,15 @@ export function createApp({ enablePostToModuleRoutes = false } = {}) {
'*',
addSecurityHeaders,
json({ limit: '0kb' }), // there should be no body
urlencoded({ limit: '0kb' }), // there should be no body
cors({ origin: false }) // disable CORS
);

app.post(
'*',
addSecurityHeaders,
json({ limit: '15kb' }),
urlencoded({ limit: '15kb' }),
addFrameOptionsHeader,
createRequestStore(oneApp, { useBodyForBuildingTheInitialState: true }),
createRequestHtmlFragment(oneApp),
Expand Down

0 comments on commit 3481dc0

Please sign in to comment.