http - Express - 如何阻止无效的 http 方法？

Question

我收到无效的 http 方法(见下文)，当路由有效时，这些方法会从我的服务器触发超时错误。有什么方法可以阻止 Express 中的所有无效请求吗？我在谷歌上找不到任何东西。

Answer 1

采用白名单方法

// before your other code check supported methods
// assuming these ones are, just add/remove ones to customize
if (!/^(GET|PUT|POST|DELETE)$/.test(req.method)) {
  res.status(400).end('bad request');
  return;
}

// your code goes here now

或如果使用 express，则使用中间件

router.use((req, res, next) => {
  if (!/^(GET|PUT|POST|DELETE)$/.test(req.method)) {
    res.status(400).end('bad request');
    return;
  }
  next();
});

用唐纳德·拉姆斯菲尔德的话...

Reports that say that something hasn't happened are always interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns – the ones we don't know we don't know. And if one looks throughout the history of our country and other free countries, it is the latter category that tend to be the difficult ones.

tl;dr 重要的是，您只能知道自己知道什么，所以请使用白名单。