flask-rest-jsonapi icon indicating copy to clipboard operation
flask-rest-jsonapi copied to clipboard

Published 20 hours ago verified publisher icon miLibris

Invalid conditions in check_headers decorator

Open artezio-andreym opened this issue 6 years ago • 0 comments
trafficstars

Hello,

According to the documentation every POST and PATCH methods should contain headers:

Content-Type: application/vnd.api+json
Accept: application/vnd.api+json

otherwise the exception should be risen.

The point of the issue is that there is a check_headers decorator implemented in flask_rest_jsonapi.decorators:check_headers which never returns errors even if the request doesn't have correct header because these conditions will never be in True.

def check_headers(func):
    ...
        if request.method in ('POST', 'PATCH'):
            if 'Content-Type' in request.headers and\
                    'application/vnd.api+json' in request.headers['Content-Type'] and\
                    request.headers['Content-Type'] != 'application/vnd.api+json':
                error = json.dumps(jsonapi_errors([{'source': '',
                                                    'detail': "Content-Type header must be application/vnd.api+json",
                                                    'title': 'Invalid request header',
                                                    'status': '415'}]), cls=JSONEncoder)
                return make_response(error, 415, {'Content-Type': 'application/vnd.api+json'})
    ...
        return func(*args, **kwargs)
    return wrapper

Instead of the correct error message jsonapi returns:

{
  "errors": [
    {
      "detail": "Object must include `data` key.",
      "source": {
        "pointer": "/"
      },
      "status": "422",
      "title": "Validation error"
    }
  ],
  "jsonapi": {
    "version": "1.0"
  }
}

@akira-dev could you please review the condition and fix the issue?

I've created Pull Request with possible solution.

artezio-andreym avatar Jun 07 '19 09:06 artezio-andreym