
Trap survey honeypot GET requests (#37643)

Peter Bengtsson
2023-06-09 08:45:19 -04:00
committed by GitHub
parent 8eedfdd376
commit 0f92b412f4


@@ -46,10 +46,16 @@ export default function handleInvalidQuerystrings(req, res, next) {
}
}
if (keys.length >= MAX_UNFAMILIAR_KEYS_BAD_REQUEST) {
// If you fill out the Survey form with all the fields and somehow
// don't attempt to make a POST request, you'll end up with a query
// string like this.
const honeypotted = 'survey-token' in query && 'survey-vote' in query
if (keys.length >= MAX_UNFAMILIAR_KEYS_BAD_REQUEST || honeypotted) {
noCacheControl(res)
res.status(400).send('Too many unrecognized query string parameters')
const message = honeypotted ? 'Honeypotted' : 'Too many unrecognized query string parameters'
res.status(400).send(message)
const tags = [
'response:400',