CR Parser

Airlock Microgateway Engine parses the request body before applying filters (deny rules, limits, OpenAPI) to a request's content. The parser selection is based on the Content-Type header. The CR Parser can be used to customize the built-in default parser selection logic.

  • Built-in parsers can be enabled/disabled individually (e.g., JSON and URL-encoded form parsers).
  • The built-in logic parses requests with Content-Type headers matching the corresponding mediaTypePattern pattern. The default pattern can be adjusted to trigger parsing on other content-type patterns.
  • Multipart parsing is enabled by default in the CR Parser. The Engines deny rules are applied to the parsed parameters as configured.
  • For requests without a Content-Type header, the parser logic adds a content-type header with the value configured in defaultContentType. However, the default can be customized using the option. The added Content-Type header is also used to select the correct parser as described above.

This CR needs to be referenced in the CR ContentSecurity.

The parser configuration is a crucial setting and influences the behavior of other filters. For example, disabling the JSON parser or set a less restrictive value causes that deny rules, limits, or OpenAPI specification validation are not applied at all. The same is true for other parsers.