Co-authored-by: Tomas Della Vedova <delvedor@users.noreply.github.com>
This commit is contained in:
github-actions[bot]
committed by
GitHub
GitHub
parent
db5476ad5d
commit
a287c71147
@ -256,3 +256,24 @@ const client = new Client({
|
||||
_Default:_ `false`
|
||||
|
||||
|===
|
||||
|
||||
[discrete]
|
||||
==== Performances considerations
|
||||
|
||||
By default, the client will protection you against prototype poisoning attacks.
|
||||
Read https://web.archive.org/web/20200319091159/https://hueniverse.com/square-brackets-are-the-enemy-ff5b9fd8a3e8?gi=184a27ee2a08[this article] to learn more.
|
||||
If needed you can disable prototype poisoning protection entirely or one of the two checks.
|
||||
Read the `secure-json-parse` https://github.com/fastify/secure-json-parse[documentation] to learn more.
|
||||
|
||||
While it's good to be safe, you should know that security always comes with a cost.
|
||||
With big enough payloads, this security check could causea drop in the overall performances,
|
||||
which might be a problem for your application.
|
||||
If you know you can trust the data stored in Elasticsearch, you can safely disable this check.
|
||||
|
||||
[source,js]
|
||||
----
|
||||
const client = new Client({
|
||||
disablePrototypePoisoningProtection: true
|
||||
})
|
||||
----
|
||||
|
||||
|
||||
Reference in New Issue
Block a user