Giters

contributte / apitte

:wrench: An opinionated and enjoyable API framework based on Nette Framework. Supporting content negotiation, debugging, middlewares, attributes, annotations and loving openapi/swagger.

Home Page:https://contributte.org/packages/contributte/apitte/

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Request entity with GET request + payload support of individual http methods

mabar opened this issue · comments

commented

Default implementation of request entity (BaseEntity) uses query parameters instead of body to create request entity in case request is GET.
https://github.com/apitte/core/blob/master/src/Mapping/Request/BasicEntity.php#L31-L33

That's imho unexpected and unwanted. We have RequestParameter for query parameters and documentation and also apitte/openapi counts with that behavior

What we should imho do:

  1. Remove support for creation of entity from query parameters in case of GET request (there are other methods which technically shouldn't be used with payload, see below)

  2. Throw error, if RequestBody is defined in combination with uncompatible HTTP method (and hint user it can be turned off, for BC)

  3. Reject request with uncompatible combination of HTTP method and payload (and log error with note it can be turned off, for BC)

  4. Add option to turn off changes from 2. and 3. for BC

Methods and their payload compatibility (as defined by RFC 7231)

HEAD - No defined body semantics.
GET - No defined body semantics.
PUT - Body supported.
POST - Body supported.
DELETE - No defined body semantics.
TRACE - Body not supported.
OPTIONS - Body supported but no semantics on usage (maybe in the future).
CONNECT - No defined body semantics

Payload-uncompatible methods are:

  • TRACE - payload is not supported at all and MUST throw error
  • HEAD, GET, DELETE, CONNECT - payload has no defined semantics and SHOULD throw error

e.g. Swagger UI (which uses openapi) and Postman reject to create GET request with request body, we should act same way