10 files changed, 36 insertions, 29 deletions

diff --git a/http/http_request.hpp b/http/http_request.hpp
index 3a36a119c2..e59f84b810 100644
--- a/http/http_request.hpp
+++ b/http/http_request.hpp
@@ -25,8 +25,6 @@ struct Request
 
     bool isSecure{false};
 
-    std::string& body;
-
     boost::asio::io_context* ioService{};
     boost::asio::ip::address ipAddress{};
 
@@ -35,8 +33,15 @@ struct Request
     std::string userRole{};
     Request(boost::beast::http::request<boost::beast::http::string_body> reqIn,
             std::error_code& ec) :
-        req(std::move(reqIn)),
-        body(req.body())
+        req(std::move(reqIn))
+    {
+        if (!setUrlInfo())
+        {
+            ec = std::make_error_code(std::errc::invalid_argument);
+        }
+    }
+
+    Request(std::string_view bodyIn, std::error_code& ec) : req({}, bodyIn)
     {
         if (!setUrlInfo())
         {
@@ -45,15 +50,15 @@ struct Request
     }
 
     Request(const Request& other) :
-        req(other.req), isSecure(other.isSecure), body(req.body()),
-        ioService(other.ioService), ipAddress(other.ipAddress),
-        session(other.session), userRole(other.userRole)
+        req(other.req), isSecure(other.isSecure), ioService(other.ioService),
+        ipAddress(other.ipAddress), session(other.session),
+        userRole(other.userRole)
     {
         setUrlInfo();
     }
 
     Request(Request&& other) noexcept :
-        req(std::move(other.req)), isSecure(other.isSecure), body(req.body()),
+        req(std::move(other.req)), isSecure(other.isSecure),
         ioService(other.ioService), ipAddress(std::move(other.ipAddress)),
         session(std::move(other.session)), userRole(std::move(other.userRole))
     {
@@ -94,6 +99,11 @@ struct Request
         return req.base();
     }
 
+    const std::string& body() const
+    {
+        return req.body();
+    }
+
     bool target(std::string_view target)
     {
         req.target(target);
diff --git a/http/parsing.hpp b/http/parsing.hpp
index df63fcaf28..f16d8903da 100644
--- a/http/parsing.hpp
+++ b/http/parsing.hpp
@@ -29,7 +29,7 @@ inline JsonParseResult parseRequestAsJson(const crow::Request& req,
         return JsonParseResult::BadContentType;
 #endif
     }
-    jsonOut = nlohmann::json::parse(req.body, nullptr, false);
+    jsonOut = nlohmann::json::parse(req.body(), nullptr, false);
     if (jsonOut.is_discarded())
     {
         BMCWEB_LOG_WARNING << "Failed to parse json in request";
diff --git a/include/ibm/management_console_rest.hpp b/include/ibm/management_console_rest.hpp
index c56b3909c1..e1b7f83949 100644
--- a/include/ibm/management_console_rest.hpp
+++ b/include/ibm/management_console_rest.hpp
@@ -117,7 +117,7 @@ inline void handleFilePut(const crow::Request& req,
     BMCWEB_LOG_DEBUG << "saveAreaDirSize: " << saveAreaDirSize;
 
     // Get the file size getting uploaded
-    const std::string& data = req.body;
+    const std::string& data = req.body();
     BMCWEB_LOG_DEBUG << "data length: " << data.length();
 
     if (data.length() < minSaveareaFileSize)
diff --git a/include/image_upload.hpp b/include/image_upload.hpp
index ab2901ee2b..18a0c09b78 100644
--- a/include/image_upload.hpp
+++ b/include/image_upload.hpp
@@ -99,7 +99,7 @@ inline void
     BMCWEB_LOG_DEBUG << "Writing file to " << filepath;
     std::ofstream out(filepath, std::ofstream::out | std::ofstream::binary |
                                     std::ofstream::trunc);
-    out << req.body;
+    out << req.body();
     out.close();
     timeout.async_wait(timeoutHandler);
 }
diff --git a/include/login_routes.hpp b/include/login_routes.hpp
index e3b8c195d2..00debb5531 100644
--- a/include/login_routes.hpp
+++ b/include/login_routes.hpp
@@ -37,7 +37,8 @@ inline void requestRoutes(App& app)
         // Check if auth was provided by a payload
         if (contentType.starts_with("application/json"))
         {
-            loginCredentials = nlohmann::json::parse(req.body, nullptr, false);
+            loginCredentials =
+                nlohmann::json::parse(req.body(), nullptr, false);
             if (loginCredentials.is_discarded())
             {
                 BMCWEB_LOG_DEBUG << "Bad json in request";
diff --git a/include/multipart_parser.hpp b/include/multipart_parser.hpp
index 482426997d..adeeccb4df 100644
--- a/include/multipart_parser.hpp
+++ b/include/multipart_parser.hpp
@@ -74,8 +74,8 @@ class MultipartParser
         lookbehind.resize(boundary.size() + 8);
         state = State::START;
 
-        const char* buffer = req.body.data();
-        size_t len = req.body.size();
+        const char* buffer = req.body().data();
+        size_t len = req.body().size();
         char cl = 0;
 
         for (size_t i = 0; i < len; i++)
diff --git a/redfish-core/lib/certificate_service.hpp b/redfish-core/lib/certificate_service.hpp
index 178e38de0d..cdeb2103a8 100644
--- a/redfish-core/lib/certificate_service.hpp
+++ b/redfish-core/lib/certificate_service.hpp
@@ -59,7 +59,7 @@ inline std::string getCertificateFromReqBody(
     if (ret != JsonParseResult::Success)
     {
         // We did not receive JSON request, proceed as it is RAW data
-        return req.body;
+        return req.body();
     }
 
     std::string certificate;
diff --git a/redfish-core/lib/update_service.hpp b/redfish-core/lib/update_service.hpp
index d7dfbc4988..0d4c1b70b5 100644
--- a/redfish-core/lib/update_service.hpp
+++ b/redfish-core/lib/update_service.hpp
@@ -546,7 +546,7 @@ inline void
     BMCWEB_LOG_DEBUG << "Writing file to " << filepath;
     std::ofstream out(filepath, std::ofstream::out | std::ofstream::binary |
                                     std::ofstream::trunc);
-    out << req.body;
+    out << req.body();
     out.close();
     BMCWEB_LOG_DEBUG << "file upload complete!!";
 }
diff --git a/redfish-core/src/utils/json_utils.cpp b/redfish-core/src/utils/json_utils.cpp
index 89723ccd12..5daf95b058 100644
--- a/redfish-core/src/utils/json_utils.cpp
+++ b/redfish-core/src/utils/json_utils.cpp
@@ -37,7 +37,7 @@ bool processJsonFromRequest(crow::Response& res, const crow::Request& req,
         messages::unrecognizedRequestBody(res);
         return false;
     }
-    reqJson = nlohmann::json::parse(req.body, nullptr, false);
+    reqJson = nlohmann::json::parse(req.body(), nullptr, false);
 
     if (reqJson.is_discarded())
     {
diff --git a/test/redfish-core/include/utils/json_utils_test.cpp b/test/redfish-core/include/utils/json_utils_test.cpp
index b4d1062b24..e97edf9641 100644
--- a/test/redfish-core/include/utils/json_utils_test.cpp
+++ b/test/redfish-core/include/utils/json_utils_test.cpp
@@ -271,10 +271,11 @@ TEST(ReadJsonPatch, ValidElementsReturnsTrueResponseOkValuesUnpackedCorrectly)
 {
     crow::Response res;
     std::error_code ec;
-    crow::Request req({}, ec);
+    crow::Request req("{\"integer\": 1}", ec);
+
     // Ignore errors intentionally
-    req.body = "{\"integer\": 1}";
     req.req.set(boost::beast::http::field::content_type, "application/json");
+
     int64_t integer = 0;
     ASSERT_TRUE(readJsonPatch(req, res, "integer", integer));
     EXPECT_EQ(res.result(), boost::beast::http::status::ok);
@@ -286,9 +287,8 @@ TEST(ReadJsonPatch, EmptyObjectReturnsFalseResponseBadRequest)
 {
     crow::Response res;
     std::error_code ec;
-    crow::Request req({}, ec);
+    crow::Request req("{}", ec);
     // Ignore errors intentionally
-    req.body = "{}";
 
     std::optional<int64_t> integer = 0;
     ASSERT_FALSE(readJsonPatch(req, res, "integer", integer));
@@ -300,10 +300,9 @@ TEST(ReadJsonPatch, OdataIgnored)
 {
     crow::Response res;
     std::error_code ec;
-    crow::Request req({}, ec);
+    crow::Request req(R"({"@odata.etag": "etag", "integer": 1})", ec);
     req.req.set(boost::beast::http::field::content_type, "application/json");
     // Ignore errors intentionally
-    req.body = R"({"@odata.etag": "etag", "integer": 1})";
 
     std::optional<int64_t> integer = 0;
     ASSERT_TRUE(readJsonPatch(req, res, "integer", integer));
@@ -316,9 +315,8 @@ TEST(ReadJsonPatch, OnlyOdataGivesNoOperation)
 {
     crow::Response res;
     std::error_code ec;
-    crow::Request req({}, ec);
+    crow::Request req(R"({"@odata.etag": "etag"})", ec);
     // Ignore errors intentionally
-    req.body = R"({"@odata.etag": "etag"})";
 
     std::optional<int64_t> integer = 0;
     ASSERT_FALSE(readJsonPatch(req, res, "integer", integer));
@@ -330,10 +328,9 @@ TEST(ReadJsonAction, ValidElementsReturnsTrueResponseOkValuesUnpackedCorrectly)
 {
     crow::Response res;
     std::error_code ec;
-    crow::Request req({}, ec);
+    crow::Request req("{\"integer\": 1}", ec);
     req.req.set(boost::beast::http::field::content_type, "application/json");
     // Ignore errors intentionally
-    req.body = "{\"integer\": 1}";
 
     int64_t integer = 0;
     ASSERT_TRUE(readJsonAction(req, res, "integer", integer));
@@ -346,10 +343,9 @@ TEST(ReadJsonAction, EmptyObjectReturnsTrueResponseOk)
 {
     crow::Response res;
     std::error_code ec;
-    crow::Request req({}, ec);
+    crow::Request req({"{}"}, ec);
     req.req.set(boost::beast::http::field::content_type, "application/json");
     // Ignore errors intentionally
-    req.body = "{}";
 
     std::optional<int64_t> integer = 0;
     ASSERT_TRUE(readJsonAction(req, res, "integer", integer));