-
Notifications
You must be signed in to change notification settings - Fork 78
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
JSONAPI.ContentTypeNegotiation ignore some methods for validation #320
Comments
The referenced plug specifically checks that the Content-Type request header is valid. Since that header specifies the type of the request body, it is not relevant for HEAD, GET, or DELETE requests. One could theoretically be a stickler and deny a request that has no body but still specifies a Contnet-Type (of any value), but that’s probably rarely done in practice. |
On second thought, since the plug does bother to validate the accept header as well, it does look like a bug that it ignores some http verbs. Would be better if it validated content-type and accept for put/post/patch and still validated accept for get requests. |
@mattpolzin thank you for you answer updated MIME configuration accroding docs, this will allow control of content at the application level config :mime, :types, %{
"application/vnd.api+json" => ["json-api"]
} and my pipeline pipeline :api do
plug :accepts, ["json-api"]
plug JSONAPI.EnsureSpec
plug JSONAPI.Deserializer
plug JSONAPI.UnderscoreParameters
end |
Looking good! |
Thank you for your work, I am integrating your lib into my application and I have a question.
Seen source code of
JSONAPI.ContentTypeNegotiation
for validation and I'm surprised that he's ignoring some of the methodsbecause spec requires that communication between the client and servers should be done with the
application/vnd.api+json
header.Could you clarify that point
The text was updated successfully, but these errors were encountered: