
JSONAPI.ContentTypeNegotiation ignore some methods for validation

Open ravecat opened this issue 1 year ago • 4 comments

Thank you for your work, I am integrating your lib into my application and I have a question.

I've looked at the source code of JSONAPI.ContentTypeNegotiation for validation and I'm surprised that it's ignoring some of the methods

  def call(%{method: method} = conn, _opts) when method in ["DELETE", "GET", "HEAD"], do: conn

  def call(conn, _opts) do
    conn
    |> content_type
    |> accepts
    |> respond
  end

because the spec requires that communication between the client and servers should be done with the application/vnd.api+json header.

Could you clarify that point?

ravecat avatar Jun 05 '24 15:06 ravecat

The referenced plug specifically checks that the Content-Type request header is valid. Since that header specifies the type of the request body, it is not relevant for HEAD, GET, or DELETE requests. One could theoretically be a stickler and deny a request that has no body but still specifies a Content-Type (of any value), but that’s probably rarely done in practice.

mattpolzin avatar Jun 05 '24 15:06 mattpolzin

On second thought, since the plug does bother to validate the accept header as well, it does look like a bug that it ignores some http verbs. Would be better if it validated content-type and accept for put/post/patch and still validated accept for get requests.

mattpolzin avatar Jun 05 '24 16:06 mattpolzin
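
The behaviour suggested in the comment above, sketched as a standalone plug. This is an added example, not part of the thread and not the jsonapi library's code: the module name `Example.NegotiateJSONAPI` is hypothetical, the 415/406 status codes follow the JSON:API specification, and it assumes every POST/PUT/PATCH carries a JSON:API document and treats any `;` suffix (including `q=`) as a media type parameter.

```elixir
defmodule Example.NegotiateJSONAPI do
  # Hypothetical module: an illustration, not the library's ContentTypeNegotiation plug.
  @behaviour Plug
  import Plug.Conn

  @jsonapi "application/vnd.api+json"
  @body_methods ["POST", "PUT", "PATCH"]

  @impl true
  def init(opts), do: opts

  @impl true
  def call(conn, _opts) do
    cond do
      # Content-Type describes the request body, so only body-carrying verbs are checked.
      conn.method in @body_methods and not content_type_ok?(conn) -> reject(conn, 415)
      # Accept describes the response, so it is checked for every verb, GET included.
      not accept_ok?(conn) -> reject(conn, 406)
      true -> conn
    end
  end

  # Exactly one Content-Type header, equal to the bare JSON:API media type.
  defp content_type_ok?(conn) do
    case get_req_header(conn, "content-type") do
      [value] -> normalize(value) == @jsonapi
      _ -> false
    end
  end

  # Passes when Accept is absent or never names JSON:API, or when at least one
  # JSON:API entry is unparameterised. Fails only if every JSON:API entry has parameters.
  defp accept_ok?(conn) do
    ranges =
      conn
      |> get_req_header("accept")
      |> Enum.flat_map(&String.split(&1, ","))
      |> Enum.map(&normalize/1)

    mentions =
      Enum.filter(ranges, &(&1 == @jsonapi or String.starts_with?(&1, @jsonapi <> ";")))

    mentions == [] or @jsonapi in mentions
  end

  defp normalize(value), do: value |> String.trim() |> String.downcase()

  # Halt so no later plug (deserializer, controller) sees the rejected request.
  defp reject(conn, status), do: conn |> send_resp(status, "") |> halt()
end
```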

@mattpolzin thank you for your answer

updated MIME configuration according to the docs, this will allow control of content at the application level

config :mime, :types, %{
  "application/vnd.api+json" => ["json-api"]
}

and my pipeline

  pipeline :api do
    plug :accepts, ["json-api"]
    plug JSONAPI.EnsureSpec
    plug JSONAPI.Deserializer
    plug JSONAPI.UnderscoreParameters
  end

ravecat avatar Jun 05 '24 16:06 ravecat

Looking good!

mattpolzin avatar Jun 05 '24 16:06 mattpolzin

This issue has been automatically marked as "stale:discard". We are sorry that we haven't been able to prioritize it yet. If this issue is still relevant, please leave any comment if you have any new additional information that helps to solve this issue. We encourage you to create a pull request, if you can. We are happy to help you with that.

github-actions[bot] avatar Nov 05 '24 02:11 github-actions[bot]

Closing this issue after a prolonged period of inactivity. If this issue is still relevant, feel free to re-open the issue. Thank you!

github-actions[bot] avatar Nov 20 '24 02:11 github-actions[bot]