express-openapi-validator icon indicating copy to clipboard operation
express-openapi-validator copied to clipboard
verified publisher icon cdimascio

Global "allowReservedInQueryParameters" flag

Open briangweber opened this issue 1 year ago • 1 comments

Is your feature request related to a problem? Please describe. We are migrating from the old swagger-tools library, which is much more permissive of reserved characters in the querystring. Express handles these parameters just fine either encoded or unencoded, so while best practices should be to encode query parameters, this validation is overly strict for our usage.

Describe the solution you'd like A global setting possibly under validateRequests to allow reserved characters in all query parameters.

Describe alternatives you've considered We could add allowReserved to all query parameters, but it is easy to miss them which can easily cause a production outage as clients start receiving 422 errors for previously permissible requests (happened today - user was passing 1234+ABC for a postal code).

Additional context I'm happy to collaborate on a fix or implement it with some guidance - I don't see a way to thread global settings through to the location where validation seems to be happening

briangweber avatar Jan 06 '25 15:01 briangweber

@briangweber thanks for the ticket. happy to work with you on a fix. feel free to submit a PR. thank you!

cdimascio avatar Jun 07 '25 01:06 cdimascio