express-fileupload seems to not respect cors with abortOnLimit #303
Description
Hey folks,
I was playing with express-fileupload today and hit what I think is a bug.
const express = require('express');
const cors = require('cors');
const fileUpload = require('express-fileupload');
const app = express();
app.use(cors());
app.use(express.json());
app.use(fileUpload({
useTempFiles: true,
tempFileDir: '/tmp/',
limits: { fileSize: 50 * 1024 * 1024 },
abortOnLimit: true,
preserveExtension: true,
}));With the above, if my upload view is over the limit (50MB), it should return a 413, however, I believe because it isn't setting the CORS headers correctly it doesn't return 413, instead the client side gets a CORS error.
This is my view
app.post('/upload', (req, res) => {
const uploadedFile = req.files[Object.keys(req.files)[0]];
uploadedFile.mv(`/tmp/user1/${uploadedFile.name}`, (err) => {
if (err) { return res.status(500).send(err); }
return res.send('File uploaded!');
});
});If I register my own limitHandler it then works correctly and the cors headers get set
app.use(fileUpload({
useTempFiles: true,
tempFileDir: '/tmp/',
limits: { fileSize: 50 * 1024 * 1024 },
abortOnLimit: true,
// eslint-disable-next-line no-unused-vars
limitHandler: (req, res, next) => {
res.status(400).json({ error: 'File is too large.' });
},
preserveExtension: true,
}));Another interesting thing is that with my limitHandler I need to check if the headers were already sent, otherwise my app crashes
if (!res.headersSent) {
const uploadedFile = req.files[Object.keys(req.files)[0]];
uploadedFile.mv(`/tmp/user1/${uploadedFile.name}`, (err) => {
if (err) { return res.status(500).send(err); }
return res.send('File uploaded!');
});
}Thank you