zalando-stups/hutmann

Request body is parsed before authentication

Closed this issue · 1 comments

Scenario:
I had an issue when using multipart form data as the request body. The contents of the files were streamed from a client, processed in the application and stored in the database.

The problem is that even if the request was unauthorized, the request body is parsed completely, which in turn modifies database state, and the response code is still 401 (Unauthorized).

Released with 2.5.3.
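
The ordering problem reported in this issue, reduced to a small model. This is an added example, not hutmann's code or its fix; the handler names, the token and the in-memory `db` list are constructed for illustration.

```python
import hmac
import io

VALID_TOKEN = "constructed-token"          # constructed sample value
SAMPLE_UPLOAD = b"constructed file bytes"  # constructed sample body

def authorized(headers):
    """Check the bearer token from the headers alone, in constant time."""
    presented = headers.get("Authorization", "")
    return hmac.compare_digest(presented, "Bearer " + VALID_TOKEN)

def store_upload(body, db):
    """Stand-in for a streaming body parser that persists each chunk as it is read."""
    while chunk := body.read(8):
        db.append(chunk)

def handle_parse_first(headers, body, db):
    """Order described in the report: the body is consumed before the check."""
    store_upload(body, db)
    return 200 if authorized(headers) else 401

def handle_auth_first(headers, body, db):
    """Reject on headers first; the body stream is never touched for a 401."""
    if not authorized(headers):
        return 401
    store_upload(body, db)
    return 200

def run(handler, headers):
    """Return (status, stored chunks, bytes consumed from the body stream)."""
    db, body = [], io.BytesIO(SAMPLE_UPLOAD)
    status = handler(headers, body, db)
    return status, db, body.tell()

if __name__ == "__main__":
    for handler in (handle_parse_first, handle_auth_first):
        print(handler.__name__, run(handler, {}))
```

Both handlers answer 401 to a request without a token, so the status code alone does not reveal the difference; a regression test for this class of bug has to assert on stored state or on bytes consumed.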