GET request to /sharing (with no parameters) crashes the server
Closed this issue · 5 comments
Tested on 5.7.8 and On 5.7.9-beta running in a docker container.
Fetching the URL https://localhost:8443/sharing (with no parameters) causes the server to crash with the following output on the console:
solid | TypeError: Invalid URL
solid | at new URL (node:internal/url:775:36)
solid | at SharingRequest.getAppUrl (/usr/src/app/lib/requests/sharing-request.js:156:12)
solid | at get (/usr/src/app/lib/requests/sharing-request.js:70:28)
solid | at Layer.handle [as handle_request] (/usr/src/app/node_modules/express/lib/router/layer.js:95:5)
solid | at next (/usr/src/app/node_modules/express/lib/router/route.js:144:13)
solid | at Route.dispatch (/usr/src/app/node_modules/express/lib/router/route.js:114:3)
solid | at Layer.handle [as handle_request] (/usr/src/app/node_modules/express/lib/router/layer.js:95:5)
solid | at /usr/src/app/node_modules/express/lib/router/index.js:284:15
solid | at Function.process_params (/usr/src/app/node_modules/express/lib/router/index.js:346:12)
solid | at next (/usr/src/app/node_modules/express/lib/router/index.js:280:10) {
solid | code: 'ERR_INVALID_URL',
solid | input: 'undefined'
solid | }
It looks like the sharing-request handler is missing input validation to make sure all the expected parameters are present.
Thanks. Yes you are right
That fixes it for the GET request.
It seems the same issue is also in POST requests, sending it with empty GET variables also stops the server.
It seems the same issue is also in POST requests, sending it with empty GET variables also stops the server.
What do you mean by empty GET variables
A POST request to the server with an empty body also seems to trigger the same issue. I was confused about where the post request was getting the variables from, sorry about that.