prism icon indicating copy to clipboard operation
prism copied to clipboard

Published 20 hours ago verified publisher icon stoplightio

Feature request: request header to ignore request validation

Open treyturner opened this issue 2 years ago • 3 comments

User Story Description

As a user, I need a way to indicate to Prism on a per-request basis that a request should not be validated because it intentionally violates the API contract for the purposes of testing the AUT's graceful response.

This is possible on a global level via a --validate-request false command line argument, but it's important that we only skip request validation in instances where we specifically intend to violate the contract, otherwise we miss other opportunities to refine our contract or ensure our tests' validity.

Acceptance Criteria

  • [ ] A user can pass some header (x-prism-skip-request-validation?) to indicate to Prism that the request should not be validated

Sprint Ready Checklist

  • [ ] Acceptance criteria defined
  • [ ] Team understands acceptance criteria
  • [ ] Team has defined solution / steps to satisfy acceptance criteria
  • [ ] Acceptance criteria is verifiable / testable
  • [ ] External / 3rd Party dependencies identified

treyturner avatar Nov 11 '22 22:11 treyturner

Note to whoever picks this up - the global prism config has 'validateRequest' and 'validateResponse' defaulting to true so we can mirror this on a per-request basis. Also let's use the prefer header instead of a custom header.

This might look like: curl -i http://localhost:4010/todos -H "prefer: validate-request=false, validate-response=false"

fcasad avatar Nov 19 '22 06:11 fcasad

@ryotrellim could you take a look at this and help us figure out a priority for this? @treyturner what impact does this have on the items you're trying to achieve, and what priority would you give this?

chohmann avatar Dec 02 '22 17:12 chohmann

@chohmann This doesn't directly impact any items I'm trying to achieve per se. It would enable us (and all Prism users) to harden our services and contracts by enabling request validation globally and disabling it as appropriate on a per-test basis.

Without this, because most comprehensive e2e test suites quickly break the request contract, request validation must be disabled globally, so we don't get the benefit of request validation.

I think it's a great idea! 😃 But I don't know what else is in the backlog or feel equipped to give it a priority.

treyturner avatar Dec 05 '22 22:12 treyturner