Page MenuHomePhabricator
Create Task
Maniphest T360434

REST: request body validation should fail if unexpected fields are present
Closed, ResolvedPublic
Actions

Description

The default validation for request bodies (per T358850 and T358557) should fail if the bodiy contains an unexpected field. This is useful of the client is trying to supply an optional fields under the wrong name, see https://gerrit.wikimedia.org/r/c/mediawiki/core/+/809322 I854046efe which implements this for JsonBodyValidator.

Details

SubjectRepoBranchLines +/-
REST: detect extraneous body fieldsmediawiki/coremaster+248 -14
Customize query in gerrit

Related Objects
Search...

Event Timeline

daniel created this task.Mar 19 2024, 1:59 PM
daniel moved this task from Incoming (Needs Triage) to In Progress on the MW-Interfaces-Team board.Mar 19 2024, 2:28 PM
gerritbot added a comment.Mar 19 2024, 2:57 PM

Change 1012690 had a related patch set uploaded (by Daniel Kinzler; author: Daniel Kinzler):

[mediawiki/core@master] REST: detect extraneous body fields

https://gerrit.wikimedia.org/r/1012690

gerritbot added a project: Patch-For-Review.Mar 19 2024, 2:57 PM
daniel updated the task description. (Show Details)Mar 27 2024, 9:24 AM
daniel claimed this task.Mar 28 2024, 3:04 PM
daniel triaged this task as High priority.
Tacsipacsi subscribed.Mar 28 2024, 10:19 PM

Couldn’t it be just a warning, like in the action API? There are cases in which it’s less convenient or even hardly possible to ensure no extra fields:

  • Two similar endpoints, one of which expects more data, and the caller decides last-minute which one to call.
  • The caller function gets data in a parameter, it processes some fields and passes the rest to the API; it doesn’t want to make a copy with only the fields actually used by the API.
  • Some fields are required on one wiki but unexpected on another (e.g. due to an extension being installed only on some wikis), and the caller isn’t able/willing to maintain a list of wikis that require that field.
gerritbot added a comment.Mar 30 2024, 8:53 PM

Change #1012690 merged by jenkins-bot:

[mediawiki/core@master] REST: detect extraneous body fields

https://gerrit.wikimedia.org/r/1012690

ReleaseTaggerBot added a project: MW-1.42-notes (1.42.0-wmf.25; 2024-04-02).Mar 30 2024, 9:00 PM
Maintenance_bot removed a project: Patch-For-Review.Mar 30 2024, 9:30 PM
daniel closed this task as Resolved.Apr 4 2024, 3:23 PM
daniel moved this task from In Progress to Needs Further Discussion on the MW-Interfaces-Team board.
daniel moved this task from Needs Further Discussion to Done on the MW-Interfaces-Team board.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits