Request entity with GET request + payload support of individual http methods
mabar opened this issue · comments
Default implementation of request entity (BaseEntity) uses query parameters instead of body to create request entity in case request is GET.
https://github.com/apitte/core/blob/master/src/Mapping/Request/BasicEntity.php#L31-L33
That's imho unexpected and unwanted. We have RequestParameter for query parameters and documentation and also apitte/openapi counts with that behavior
What we should imho do:
-
Remove support for creation of entity from query parameters in case of GET request (there are other methods which technically shouldn't be used with payload, see below)
-
Throw error, if RequestBody is defined in combination with uncompatible HTTP method (and hint user it can be turned off, for BC)
-
Reject request with uncompatible combination of HTTP method and payload (and log error with note it can be turned off, for BC)
-
Add option to turn off changes from 2. and 3. for BC
Methods and their payload compatibility (as defined by RFC 7231)
HEAD - No defined body semantics.
GET - No defined body semantics.
PUT - Body supported.
POST - Body supported.
DELETE - No defined body semantics.
TRACE - Body not supported.
OPTIONS - Body supported but no semantics on usage (maybe in the future).
CONNECT - No defined body semantics
Payload-uncompatible methods are:
- TRACE - payload is not supported at all and MUST throw error
- HEAD, GET, DELETE, CONNECT - payload has no defined semantics and SHOULD throw error
e.g. Swagger UI (which uses openapi) and Postman reject to create GET request with request body, we should act same way