
This is on a web app which is built using MEAN stack. Node version 20.18; Ubuntu 22.04; Angular 17.x (the dist file is served from within the Node project.)

When the web-app URL is visited, it throws the error shown below. The detailed error and a screenshot are given further below.

TypeError: Cannot assign to read only property 'query' of object '#<IncomingMessage>'
    at /root/cops/node_modules/express-mongo-sanitize/index.js:113:18

If I comment out the mongoSanitize part in app.js below, the error disappears.

The same code is running on another VPS, with same env and there this error is not thrown. I am unable to figure out the cause of this error.

Extract of app.js

const path = require("path")
const mongoose = require('mongoose');
const express = require('express');
const bodyparser = require('body-parser');
const cookieParser = require('cookie-parser');
const crypto = require('crypto');

const { xss } = require('express-xss-sanitizer');
const helmet = require('helmet');
const mongoSanitize = require('express-mongo-sanitize');

const config = require('./config/config');
const morgan = require('./config/morgan');
const logger = require('./config/logger');
const ApiError = require('./helpers/ApiError');
const { errorHandlerNew, errorConvertor } = require('./middleware/errors');
// Create the Express application that all middleware below is attached to.
const app = express();

// Request logging is registered first, so these two handlers run before every
// other middleware below. Both come from ./config/morgan.
// NOTE(review): presumably one logs successful responses and the other failed ones — confirm there.
app.use(morgan.successLogHandler);
app.use(morgan.errorLogHandler);

// Connection string assembled from configuration. It is not logged anywhere in this block.
// NOTE(review): it may embed credentials depending on ./config/config — keep it out of log output.
const connectStr = config.dbConnection + config.dbName;

// Outcome handlers for the initial connection attempt. A failure is only logged;
// nothing here stops the process, so the app keeps starting up without a database.
const onDbConnected = () => {
  logger.info('Connected to database');
};
const onDbConnectFailed = (err) => {
  logger.error('Database connection failed with error: ' + err);
};

mongoose.connect(connectStr, mongooseOpts)
  .then(onDbConnected)
  .catch(onDbConnectFailed);

// Parse JSON bodies, URL-encoded bodies and cookies before anything inspects them.
app.use(bodyparser.json());
app.use(bodyparser.urlencoded({extended: false}));
app.use(cookieParser());

// Input sanitizers. Order matters: they run after the parsers above (so there is parsed
// data to clean) and must stay ahead of any handler that uses request data.
app.use(xss());
// express-mongo-sanitize is disabled here because it throws
// "TypeError: Cannot assign to read only property 'query'" when it assigns to req.query.
// While this line is commented out, keys that begin with '$' or contain '.' are no longer
// stripped from request data, so MongoDB operator injection must be prevented elsewhere
// (validate and cast input before it reaches a query). Treat this as a temporary workaround.
// NOTE(review): the message indicates req.query is a non-writable data property at this point;
// which component made it read-only is not visible in this extract. Compare the installed
// dependency versions (`npm ls`) between the two servers.
// app.use(mongoSanitize());   /// WHEN ENABLED GIVES ERROR

// Serve the built Angular application from the ./angular directory.
app.use("/", express.static(path.join(__dirname, "angular")));

// CORS allow-list used by the middleware below.
//   origin  - origins whose value may be echoed in Access-Control-Allow-Origin
//             (the response also allows credentials, so keep this list exact and minimal).
//   default - fixed value sent when the request's Origin is not in the list.
// The "..." appears to stand for entries omitted from this extract; it is not valid syntax as written.
const myCors = {
  origin: ["http://localhost:4200","http://localhost:5200", ...],
  default: "http://localhost:4200"
}

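// CORS middleware: sets the cross-origin response headers from the myCors allow-list
// and answers preflight (OPTIONS) requests directly.
app.use((req, res, next) => {
  // Match case-insensitively against the allow-list, but echo the header exactly as sent.
  const requestOrigin = req.headers.origin;
  const normalizedOrigin = requestOrigin ? requestOrigin.toLowerCase() : '';

  // An unlisted origin is never reflected; it receives the fixed default instead,
  // which a browser will not accept for a different requesting origin.
  const allowedOrigin = myCors.origin.includes(normalizedOrigin)
    ? requestOrigin
    : myCors.default;

  // Access-Control-Allow-Origin depends on the request's Origin header, so caches must
  // key on it; without Vary a response cached for one origin can be served to another.
  res.vary('Origin');
  res.setHeader('Access-Control-Allow-Origin', allowedOrigin);
  // Header values are strings; send the literal "true" rather than a boolean.
  res.setHeader('Access-Control-Allow-Credentials', 'true');
  res.setHeader(
    'Access-Control-Allow-Headers',
    'Origin, X-Requested-With, Content-Type, Accept, Authorization, x-client-key, x-client-token, x-client-secret'
  );
  res.setHeader(
    'Access-Control-Allow-Methods',
    'GET, POST, PUT, PATCH, DELETE, OPTIONS'
  );

  // Preflight requests end here; no later middleware runs for them.
  if (req.method === 'OPTIONS') {
    return res.status(200).end();
  }

  next();
});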

// Fallback for every request that no earlier middleware answered:
// respond with the Angular entry page, whatever the path or HTTP method.
const serveAngularIndex = (req, res, next) => {
  const indexFile = path.join(__dirname, "angular", "index.html");
  res.sendFile(indexFile);
};
app.use(serveAngularIndex);

ERROR on loading the portal

10 Jan 2025, 10:47:06 pm: error: TypeError: Cannot assign to read only property 'query' of object '#<IncomingMessage>'
    at /root/cops/node_modules/express-mongo-sanitize/index.js:113:18
    at Array.forEach (<anonymous>)
    at /root/cops/node_modules/express-mongo-sanitize/index.js:110:44
    at Layer.handle [as handle_request] (/root/cops/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/root/cops/node_modules/express/lib/router/index.js:328:13)
    at /root/cops/node_modules/express/lib/router/index.js:286:9
    at Function.process_params (/root/cops/node_modules/express/lib/router/index.js:346:12)
    at next (/root/cops/node_modules/express/lib/router/index.js:280:10)
    at /root/cops/node_modules/express-xss-sanitizer/index.js:19:5
    at Layer.handle [as handle_request] (/root/cops/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/root/cops/node_modules/express/lib/router/index.js:328:13)
    at /root/cops/node_modules/express/lib/router/index.js:286:9
    at Function.process_params (/root/cops/node_modules/express/lib/router/index.js:346:12)
    at next (/root/cops/node_modules/express/lib/router/index.js:280:10)
    at cookieParser (/root/cops/node_modules/cookie-parser/index.js:57:14)
    at Layer.handle [as handle_request] (/root/cops/node_modules/express/lib/router/layer.js:95:5)
    at trim_prefix (/root/cops/node_modules/express/lib/router/index.js:328:13)
    at /root/cops/node_modules/express/lib/router/index.js:286:9
    at Function.process_params (/root/cops/node_modules/express/lib/router/index.js:346:12)
    at next (/root/cops/node_modules/express/lib/router/index.js:280:10)
    at urlencodedParser (/root/cops/node_modules/body-parser/lib/types/urlencoded.js:94:7)
    at Layer.handle [as handle_request] (/root/cops/node_modules/express/lib/router/layer.js:95:5)

enter image description here


1 Answer 1


Use this middleware at the beginning of the code, before the other middleware is registered.

It redefines `req.query` as a writable property, so that the new version of Express allows the query of the request to be edited after it has been received.


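// Make req.query a plain, writable property so that middleware which assigns to it
// (for example a sanitizer doing `req.query = cleaned`) can stay enabled instead of
// being removed. Register this ahead of any such middleware.
// NOTE(review): if a later middleware itself redefines req.query as read-only, this has
// to run after that middleware instead — confirm the order for your stack.
app.use((req, res, next) => {
  // Build a fresh data descriptor instead of spreading the existing one: if the current
  // descriptor is an accessor (get/set), combining it with value/writable makes
  // Object.defineProperty throw a TypeError.
  Object.defineProperty(req, 'query', {
    value: req.query, // snapshot of the query as parsed at this point
    writable: true,
    enumerable: true,
    configurable: true, // leave room for later middleware to redefine it
  });
  next();
});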

1 Comment

As it’s currently written, your answer is unclear. Please edit to add additional details that will help others understand how this addresses the question asked. You can find more information on how to write good answers in the help center.
