redocly-cli icon indicating copy to clipboard operation
redocly-cli copied to clipboard

Published 20 hours ago verified publisher icon Redocly

Encoding Object: should only be allowed in Request body object, mediaType: multipart OR x-www-form-urlencoded

Open jeremyfiel opened this issue 2 years ago • 10 comments

... refer to next comments

jeremyfiel avatar Dec 16 '22 19:12 jeremyfiel

ok, so another interesting twist on this validation.. the spec states encoding is only valid for request object and multipart or application/x-www-form-urlencoded

i was trying to add it to a response, so it looks like this is not valid and should be flagged.

edited...

jeremyfiel avatar Dec 16 '22 19:12 jeremyfiel

...

jeremyfiel avatar Dec 16 '22 21:12 jeremyfiel

i figured it out .. i was missing the headers mapping key

"content": {
	"multipart/mixed": {
		"schema": {
			"type": "object",
			"properties": {
				"file": {
					"type": "string",
					"format": "binary"
				},
				"_confirmMessage": {
					"$ref": "../../../common/shared/confirm-message-schema_v03.json"
				}
			},
			"additionalProperties": false,
			"required": [
				"file",
				"_confirmMessage"
			]
		},
		"encoding": {
			"file": {
				"headers": {
					"Content-Disposition": {
						"$ref": "#/components/headers/Content-Disposition"
					}
				},
				"contentType": "application/xml; charset=utf-8"
			},
			"_confirmMessage": {
				"contentType": "application/json"
			}
		}

but I still think there is an opportunity to increase the validation of Redocly tooling to restrict the encoding object to RequestBody Objects per the spec.

The encoding object SHALL only apply to requestBody objects when the media type is multipart or application/x-www-form- urlencoded.

jeremyfiel avatar Dec 16 '22 22:12 jeremyfiel

Good point @jeremyfiel.

We'll increase the validation for sure!

RomanHotsiy avatar Dec 29 '22 14:12 RomanHotsiy

related https://github.com/Redocly/redoc/issues/2444

jeremyfiel avatar Dec 05 '23 20:12 jeremyfiel

Hey @jeremyfiel, does a configurable rule like the following solve your problem?

rules:
  rule/encoding:
    subject:
      type: MediaType
      filterInParentKeys:
        - application/json
    assertions:
      disallowed:
        - encoding

tatomyr avatar Mar 05 '24 16:03 tatomyr

Sure, the rule works ok but this should be part of the OAS validation by the tooling. It's part of the spec that's not validated today by Redocly, as far as I can tell.

jeremyfiel avatar Mar 05 '24 16:03 jeremyfiel

I'm reluctant to write yet another built-in rule for that, or to extend the existing spec rule. What about introducing an extended 'recommended' ruleset that includes only configurable rules? I'm not sure though.

tatomyr avatar Mar 05 '24 16:03 tatomyr

The configurable rule is useful immediately, thanks @tatomyr!

I think this should be a standard check, but perhaps we can add a rule to our recommended set - this way, people can turn it off while they update their descriptions if it picks up problems.

lornajane avatar Mar 06 '24 10:03 lornajane

Spec wording clarified in https://github.com/OAI/OpenAPI-Specification/pull/3724

Pending approval for updating the JSON Schema for validation purposes. https://github.com/OAI/OpenAPI-Specification/pull/3837

jeremyfiel avatar May 21 '24 16:05 jeremyfiel