Forbid strange fields
Disallow fields not present in the DTO definition.
Our ValidationPipe is working, but we may want stricter validation. Currently, we can send properties that are not present in the DTO, which may lower our overall security. Therefore, let's go back to our pipe instantiation in the CommonModule and insert an options object with the following properties:
The first option strips from the object any properties that are not present in the DTO. The second one, combined with the first, throws an exception instead of stripping them.
We can also set the transform option so that the incoming JSON will automatically be transformed from a plain object to an instance of the corresponding DTO.
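The following dependency-free TypeScript model shows the three behaviours described above on one request body; it is an added illustration, not code from the original page or from NestJS. It assumes the options in question are ValidationPipe's whitelist, forbidNonWhitelisted and transform; CreateUserDto, DTO_FIELDS, applyPipe and SAMPLE_BODY are hypothetical names.

```typescript
// Model of the option semantics only; in a real project the pipe and
// class-validator do this work based on the DTO's decorators.
interface PipeOptions {
  whitelist?: boolean;            // strip properties the DTO does not declare
  forbidNonWhitelisted?: boolean; // with whitelist: reject instead of stripping
  transform?: boolean;            // return a DTO instance, not a plain object
}

// Hypothetical DTO and its list of declared fields.
class CreateUserDto {
  email: string = "";
  password: string = "";
}
const DTO_FIELDS = ["email", "password"];

// Constructed request body carrying one field the DTO does not define.
const SAMPLE_BODY: Record<string, unknown> = {
  email: "user@example.com",
  password: "constructed-value",
  role: "admin",
};

function applyPipe(
  body: Record<string, unknown>,
  opts: PipeOptions
): Record<string, unknown> {
  // Properties sent by the client that the DTO does not know about.
  const extra = Object.keys(body).filter((k) => DTO_FIELDS.indexOf(k) === -1);

  // Second option only has an effect together with the first one.
  if (opts.whitelist && opts.forbidNonWhitelisted && extra.length > 0) {
    // The real pipe rejects the request with an HTTP 400 error here.
    throw new Error("property " + extra.join(", ") + " should not exist");
  }

  // With transform the handler receives a class instance, not a plain object.
  const target = opts.transform ? new CreateUserDto() : {};
  const out = target as unknown as Record<string, unknown>;
  for (const key of Object.keys(body)) {
    // Without whitelist every property, including "role", passes through.
    if (!opts.whitelist || extra.indexOf(key) === -1) out[key] = body[key];
  }
  return out;
}
```

With no options the extra role property reaches the handler unchanged, which is the behaviour the stricter settings are meant to close off.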