-
-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
JSON endpoints accept 'text/plain' in JSON format #726
Comments
This is definitely a bug. Those two cases described in README are not valid anymore if the request content-type is omitted. Also if @cmaitchison Could you try to fix this or maybe write some specs? Thanks! |
Can do! Thanks for taking a look. |
Bump @cmaitchison, would love some help. |
Added a spec for the described issue. Seems like this only happens when default_format is set? When I comment it out, the spec will pass. |
@Morred this behaviour is by design I guess It's described few paragraphs above in README
So if we specified default_format, any unrecognized stuff will be treated as format defined by default_format (request/response headers). The other thing is when we don't provide any Content-Type header at all and we didn't set default_format. Then, sadly we don't have any checks performed that could return 406. I've already made some changes that make it possible so PR is coming. |
@rodzyn Thanks for clarifying, I assumed this part of the documentation means that default_format will only kick in if there is no content type specified and things with the wrong content type will still be rejected. |
Honestly I have the same feelings as @Morred about this part of the documentation mentioned above. Also some things are ambiguous to me in the current implementation with class API < Grape::API
format :json
default_format :json
post do
request.content_type # invalid/type
params # but the input is parsed as JSON already
end
end @cmaitchison mentioned that thing in the first comment
@dblock any thoughts? |
So there're two sides of the story: what you supply as content-type for POSTed content and what you have in an Accept header in return. So I think we want this:
This issue already is a confirmed bug (thx @dm1try), I'll take PRs in those lines with careful UPGRADING docs. |
is there any update on this issue? |
There's a spec in #877 and no fix. Someone please contribute. |
Ah, I wrote that spec, forever ago. Will have a look when I get a bit of free time this week! |
Hi, I'd like contribute if no one else is working on that. |
Please try HEAD from #1589, thanks @inclooder! |
According to the Grape documentation, this endpoint should only accept JSON requests, and all other formats should result in a
406
response code.I am finding that posting
text/plain
in JSON format does not result in a 406. Debugging within the endpoint shows thatenv['CONTENT_TYPE']
is indeedtext/plain
.The text was updated successfully, but these errors were encountered: