我知道您可以尝试通过向 body-parser 中间件添加 {limit: '50mb'}(或其他一些非常大的限制)来处理此错误,但这实际上并不能解决问题,因为攻击者可以发送大小为 51mb,他们将收到 HTTP 413 响应,但有异常,例如:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Error</title>
</head>
<body>
<pre>PayloadTooLargeError: request entity too large<br>
at readStream (/some/path/node_modules/raw-body/index.js:155:17)<br>
at getRawBody (/some/path/node_modules/raw-body/index.js:108:12)<br>
at read (/some/path/node_modules/body-parser/lib/read.js:77:3)<br>
at textParser (/some/path/node_modules/body-parser/lib/types/text.js:86:5)<br>
at Layer.handle [as handle_request] (/some/path/node_modules/express/lib/router/layer.js:95:5)<br>
at trim_prefix (/some/path/node_modules/express/lib/router/index.js:317:13)<br>
at /some/path/node_modules/express/lib/router/index.js:284:7<br>
at Function.process_params (/some/path/node_modules/express/lib/router/index.js:335:12)<br>
at next (/some/path/node_modules/express/lib/router/index.js:275:10)<br>
at expressInit (/some/path/node_modules/express/lib/middleware/init.js:40:5)<br>
at Layer.handle [as handle_request] (/some/path/node_modules/express/lib/router/layer.js:95:5)<br>
at trim_prefix (/some/path/node_modules/express/lib/router/index.js:317:13)<br>
at /some/path/node_modules/express/lib/router/index.js:284:7<br>
at Function.process_params (/some/path/node_modules/express/lib/router/index.js:335:12)<br>
at next (/some/path/node_modules/express/lib/router/index.js:275:10)<br>
at query (/some/path/node_modules/express/lib/middleware/query.js:45:5)</pre>
</body>
</html>
这显然非常糟糕,因为它向攻击者提供了有关我的设置的信息。
谢谢
答案 0 :(得分:0)
受上面评论中@jfriend00的影响,解决方法如下:
在中间件路由的末尾添加如下所示的中间件:
app.use((err, req, res, next) => {
if (err) {
return res.sendStatus(YOUR ERROR CODE HERE);
}
next();
});
添加以下环境变量:
export NODE_ENV=production