From 88cba2f1c79d8ced1ecddcd161355e5f42bfeb0c Mon Sep 17 00:00:00 2001
From: Rich Harris <rich.harris@vercel.com>
Date: Mon, 22 Jan 2024 15:33:19 -0500
Subject: [PATCH 1/2] fix: ignore bodies sent with non-PUT/PATCH/POST requests

---
 .changeset/smooth-kids-cover.md        | 5 +++++
 packages/kit/src/exports/node/index.js | 6 +++++-
 2 files changed, 10 insertions(+), 1 deletion(-)
 create mode 100644 .changeset/smooth-kids-cover.md

diff --git a/.changeset/smooth-kids-cover.md b/.changeset/smooth-kids-cover.md
new file mode 100644
index 000000000000..414b4261271e
--- /dev/null
+++ b/.changeset/smooth-kids-cover.md
@@ -0,0 +1,5 @@
+---
+'@sveltejs/kit': patch
+---
+
+fix: ignore bodies sent with non-PUT/PATCH/POST requests
diff --git a/packages/kit/src/exports/node/index.js b/packages/kit/src/exports/node/index.js
index f38a09358084..4138d33afff1 100644
--- a/packages/kit/src/exports/node/index.js
+++ b/packages/kit/src/exports/node/index.js
@@ -95,6 +95,8 @@ function get_raw_body(req, body_size_limit) {
 	});
 }
 
+const can_have_body = ['POST', 'PUT', 'PATCH'];
+
 /**
  * @param {{
  *   request: import('http').IncomingMessage;
@@ -109,7 +111,9 @@ export async function getRequest({ request, base, bodySizeLimit }) {
 		duplex: 'half',
 		method: request.method,
 		headers: /** @type {Record<string, string>} */ (request.headers),
-		body: get_raw_body(request, bodySizeLimit)
+		body: can_have_body.includes(request.method ?? '')
+			? get_raw_body(request, bodySizeLimit)
+			: undefined
 	});
 }
 

From 92b977cc60889f33a96b9a83c2750b9c79255017 Mon Sep 17 00:00:00 2001
From: Rich Harris <rich.harris@vercel.com>
Date: Mon, 22 Jan 2024 15:34:36 -0500
Subject: [PATCH 2/2] use ||

---
 packages/kit/src/exports/node/index.js | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/packages/kit/src/exports/node/index.js b/packages/kit/src/exports/node/index.js
index 4138d33afff1..8a9add147c78 100644
--- a/packages/kit/src/exports/node/index.js
+++ b/packages/kit/src/exports/node/index.js
@@ -95,8 +95,6 @@ function get_raw_body(req, body_size_limit) {
 	});
 }
 
-const can_have_body = ['POST', 'PUT', 'PATCH'];
-
 /**
  * @param {{
  *   request: import('http').IncomingMessage;
@@ -111,9 +109,10 @@ export async function getRequest({ request, base, bodySizeLimit }) {
 		duplex: 'half',
 		method: request.method,
 		headers: /** @type {Record<string, string>} */ (request.headers),
-		body: can_have_body.includes(request.method ?? '')
-			? get_raw_body(request, bodySizeLimit)
-			: undefined
+		body:
+			request.method === 'POST' || request.method === 'PUT' || request.method === 'PATCH'
+				? get_raw_body(request, bodySizeLimit)
+				: undefined
 	});
 }