#44702 closed enhancement (wontfix)
Lack of validation for the REST request method
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | 4.4 |
| Component: | REST API | Keywords: | has-patch has-unit-tests close reporter-feedback |
| Focuses: | rest-api | Cc: |
Description
When registering a REST API endpoint it is possible to set a request method. Like GET, PUT, POST, etcetera. This is awesome, however there is no validation to verify if the REST method is a valid one (https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods) .
I think we should have validation for it.
Attachments (2)
Change History (7)
#1
@
7 years ago
- Focuses rest-api added
- Keywords needs-patch added
- Type changed from defect (bug) to enhancement
- Version changed from trunk to 4.4
#3
@
7 years ago
- Keywords close reporter-feedback added
What would be the benefit of this validation? The REST API server doesn't enforce any semantics about the HTTP method chosen. It'll happily match to any HTTP method and pass on a request body if it exists.
I don't think people should be stopped from using a custom HTTP method if they want to. Additionally, I'm not sure we could even enforce this at this point without breaking BC.
#4
@
6 years ago
- Milestone Awaiting Review deleted
- Resolution set to wontfix
- Status changed from new to closed
Closing based on the above comment. @andizer feel free to reopen if you get a chance to provide more explanation.
#5
@
6 years ago
I can live with the closing of this issue. The reason for this was that there are pre-defined http methods and if a user uses a 'wrong' / unknown method the request flow might break or just acts in another behaviour. On the other side, if someone use a wrong one he might encounter this issue and can fix it. Thanks!
Proposal for a possible fix