Advanced Topics

zp-body-removed

Zuplo doesn't support GET or HEAD requests with bodies. This is because the product is based on web standards and our stack makes heavy use of fetch which explicitly doesn't support GET, HEAD requests with a body.

For this reason, any body of a GET/HEAD request is stripped on entry into Zuplo infrastructure and a header zp-body-removed is added to the request.

This allows your origin/backend server to know that a body was removed. If you want to enforce this and reject such requests it's easy to write a custom policy that looks for a zp-body-removed header and return a response. An example is below:


Code
import { HttpProblems, ZuploContext, ZuploRequest } from "@zuplo/runtime";
export default async function (request: ZuploRequest, context: ZuploContext) {
  const bodyRemoved = request.headers.get("zp-body-removed");

  if (bodyRemoved) {
    return HttpProblems.badRequest(request, context, {
      detail: `GET or HEAD requests can't have a body.`,
    });
  }

  return request;
}

Edit this page

Last modified on November 17, 2025

Runtime Behaviors Zuplo Identity Token

Advanced Topics

zp-body-removed

For this reason, any body of a GET/HEAD request is stripped on entry into Zuplo infrastructure and a header zp-body-removed is added to the request.


Code
import { HttpProblems, ZuploContext, ZuploRequest } from "@zuplo/runtime";
export default async function (request: ZuploRequest, context: ZuploContext) {
  const bodyRemoved = request.headers.get("zp-body-removed");

  if (bodyRemoved) {
    return HttpProblems.badRequest(request, context, {
      detail: `GET or HEAD requests can't have a body.`,
    });
  }

  return request;
}

Edit this page

Last modified on November 17, 2025

Runtime Behaviors Zuplo Identity Token