Airlock Microgateway Engine parses the request body before applying filters (deny rules, limits, OpenAPI, GraphQL) to a request's content. The parser selection is based on the Content-Type header. The CR Parser can be used to customize the built-in default parser selection logic.
- Built-in parsers can be enabled/disabled individually (e.g., JSON and URL-encoded form parsers).
- The built-in logic parses requests with
Content-Type
headers matching the correspondingmediaTypePattern
pattern. The default pattern can be adjusted to trigger parsing on other content-type patterns. - Multipart parsing is enabled by default in the CR Parser. The Engines deny rules are applied to the parsed parameters as configured.
- For requests without a
Content-Type
header, the parser logic adds a content-type header with the value configured indefaultContentType
. However, the default can be customized using the option. The addedContent-Type
header is also used to select the correct parser as described above.
This CR needs to be referenced in the CR ContentSecurity.
The parser configuration is a crucial setting and influences the behavior of other filters. For example, disabling the JSON parser or set a less restrictive value causes that deny rules, limits, or OpenAPI specification validation are not applied at all. The same is true for other parsers.