Comments (7)
Hey @samijnih, As per my understanding of the spec, fuck it
, and fuck this too
are perfectly valid media types. Quoting the related parts of the specification:
Servers MUST respond with a
415 Unsupported Media Type
status code if a request specifies the headerContent-Type: application/vnd.api+json
with any media type parameters other thanprofile
.
Servers MUST respond with a
406 Not Acceptable
status code if a requestβsAccept
header contains the JSON:API media type and all instances of that media type are modified with a media type parameter other thanprofile
.
All this means is that servers are not obliged to return an error, unless the application/vnd.api+json
is present in (at least) one of headers and it is modified with a parameter other than profile
.
from yin.
Hi @kocsismate
Thanks for taking time.
First of all from my understanding of the spec, it's about Client Side Responsabilities to send Content-Type
with the JSON API media type.
Clients MUST send all JSON:API data in request documents with the header Content-Type: application/vnd.api+json without any media type parameters.
I think it should be cool to get at least a 415 HTTP code in case you don't give application/vnd.api+json
like in the screenshots above from my postman about the client request headers.
What do you think?
from yin.
I'm very confused because actually your regex does not let me just put Content-Type: application/vnd.api+json
without specifying a profile.
I have done that in your method to get negotiate work with or without a profile.
protected function isValidMediaTypeHeader(string $headerName): bool
{
$header = $this->getHeaderLine($headerName);
// The media type is modified by media type parameters
$matches = [];
$isMatching = preg_match("/^.*application\/vnd\.api\+json\s*(;\s*([A-Za-z0-9]+)\s*=.*?)?$/i", $header, $matches);
return $isMatching === 1 || (isset($matches[1]) && strtolower($matches[1]) === "profile");
}
The spec does not treat about returning a 415 http code in case you don't give any profile and so, your regexp does not allow me to just give the json api media type from the client side
from yin.
I think it should be cool to get at least a 415 HTTP code in case you don't give application/vnd.api+json like in the screenshots above from my postman about the client request headers.
You can implement this in your application, but doing so at the framework level would cause problems for anybody who wants to strictly follow the specification.
The spec does not treat about returning a 415 http code in case you don't give any profile and so, your regexp does not allow me to just give the json api media type from the client side
Unfortuantely, I don't exactly get what you wrote. Could you please elaborate? Anyway, what I can tell for sure is that application/vnd.api+json
is a valid JSON:API content type. Just have a look at it in the tests: https://github.com/woohoolabs/yin/blob/master/tests/JsonApi/Negotiation/RequestValidatorTest.php#L275
from yin.
@kocsismate my point is if I call negotiate
, I'm expecting an exception to be raised or a 415 response code if I don't give application/vnd.api+json
for Content-Type like on my first screenshots
from yin.
my point is if I call negotiate, I'm expecting an exception to be raised or a 415 response code if I don't give application/vnd.api+json for Content-Type like on my first screenshots
Yeah, I see what you want, however this is against the specification. I remember that there used to be issues in the past when people wanted to explore a JSON:API directly from browsers which by default send the Accept: text/html
. If I implemented your feature request, this would be impossible to do from now on.
However, as a workaround, you could provide your custom implementation for RequestInterface::validateAcceptHeader
and RequestInterface::validateContentTypeHeader()
, or it's also possible to even extend the RequestValidator
class, and override its negotiate()
method. But on the framework level, this change shouldn't be implemented in my opinion.
That being said, I'm closing this PR.
from yin.
It's good for me. I don't wanna break the official spec :) π
from yin.
Related Issues (20)
- Error in createResourceIdInvalidException HOT 3
- Parsed body always contains an empty array when using Symfony requests HOT 4
- Missing data in response if using omitDataWhenNotIncluded HOT 7
- Passing the DomainObject to the validateRequest() method of the hydrator class HOT 10
- [PHP8] Method ReflectionParameter::getClass() is deprecated HOT 3
- Data Transformer array_merge problem HOT 2
- The package doesn't support psr/http-message v2 HOT 1
- Using same temp stream in multiple requests HOT 1
- Possible bug in OffsetBasedPagination HOT 6
- Exception code 0 HOT 2
- Hydrating same type (child, parent) related entity HOT 2
- Feature request: InfoDocument support HOT 1
- How to hydrate a POST request with multiple resources HOT 4
- Using validateJsonBody() before getResource() makes request body empty HOT 3
- Problem with recursive relations HOT 1
- AbstractLinks::transform() generates invalid "prev" / "next" links HOT 3
- Incorrect encoding of (pagination) query parameters HOT 6
- Throw Exception if 'data' and 'errors' coexist in the request body HOT 3
- Add support for PSR-17 Http factory HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from yin.