hug icon indicating copy to clipboard operation
hug copied to clipboard

Published 20 hours ago verified publisher icon hugapi

Body parameters shadows query parameters

Open FredM opened this issue 5 years ago • 3 comments

More an edge case than a real issue: if a body parameters has the exact same name as a query parameter, then the body parameter will override the value.

For example, consider this route definition (with MySchema defined elsewhere)

import falcon
import hug
from marshmallow import fields
@hug.post(["test/{param_1}/route/{param_2}"], status=falcon.HTTP_201)
def my_route(
    request,
    response,
    param_1: fields.Str(description="A param"),
    param_2: fields.Str(description="Another param"),
    body: MySchema(),
):
    print(param_1)
    print(param_2)

If I call it like that

POST /test/first_value/route/second_value
[...]
{
  "body_param": "a body param value",
  "param_2": "overwritten_value"
}

then the output will be

first_value
overwritten_value

Even if MySchema does not define param_2 (stripping param_2 key from the body), the value gets overwritten.

FredM avatar Oct 02 '19 20:10 FredM

@FredM Thanks for the report, and I can reproduce this. Although I'm puzzling a bit over what the correct behavior should be.

Are you aware of any standards for describing what takes precedence? i.e. If duplicate data exists for the POST params and body, which are we supposed to use?

jay-tyler avatar Feb 09 '20 23:02 jay-tyler

I don't see a formal answer for this case.

Here are some interesting thoughts about that issue https://dzone.com/articles/rest-api-path-vs-request-body-parameters https://stackoverflow.com/questions/38985131/does-it-make-sense-to-use-both-query-and-body-parameters-in-a-post-request-for-a From this second post I would say that, even though it should be avoided, both can exists and it is up to the server to decide which should be used. And the API I was working on at the time had this dilemma.

Here, Hug chooses for us that it is the body parameter that take precedence. It would be nice to have some way to retrieve the query value

FredM avatar Feb 10 '20 13:02 FredM

Here, Hug chooses for us that it is the body parameter that take precedence. It would be nice to have some way to retrieve the query value

Ok, I like this suggestion, especially if there isn't a formal/RFC based answer to the question.

jay-tyler avatar Feb 10 '20 17:02 jay-tyler