Multiple params not allowed errors not returned in response #1290

Open
scottgonzalez opened this issue Nov 1, 2019 · 1 comment

@scottgonzalez scottgonzalez commented Nov 1, 2019

This issue is a (choose one):

  • Problem/bug report.
  • Feature request.
  • Request for support. Note: Please try to avoid submitting issues for support requests. Use Gitter instead.

Checklist before submitting:

  • I've searched for an existing issue.
  • I've asked my question on Gitter and have not received a satisfactory answer.
  • I've included a complete bug report template. This step helps us and allows us to see the bug without trying to reproduce the problem from your description. It helps you because you will frequently detect if it's a problem specific to your project.
  • The feature I'm asking for is compliant with the JSON:API spec.

Description

Choose one section below and delete the other:

Bug reports:

When multiple invalid parameters are provided, only the first error is included in the response. This behavior changed in d177c22:

    if JSONAPI.configuration.raise_if_parameters_not_allowed
      fail JSONAPI::Exceptions::ParameterNotAllowed.new(attr_key, error_object_overrides)
    else
      params_not_allowed.push(attr_key)
      value.delete attr_key
    end

@scottgonzalez scottgonzalez commented Nov 7, 2019

This change was made to prevent a DOS attack by providing a request with a million invalid fields. We should allow a configuration option for the maximum number of errors allowed to be returned. If we default to 10, that should cover returning all errors in 99% of cases, while not overloading the server.
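
A sketch of the capped error collection proposed in the comment above, added here as an example (it is not jsonapi-resources code and not part of the original thread). `filter_attributes`, `ParametersNotAllowed` and the `max_errors` option are hypothetical names; the default of 10 is the value suggested in the comment.

```ruby
require 'set'

# Hypothetical names throughout; this is not the jsonapi-resources API.
DEFAULT_MAX_PARAM_ERRORS = 10 # default suggested in the comment above

class ParametersNotAllowed < StandardError
  attr_reader :params, :truncated

  def initialize(params, truncated)
    @params = params       # rejected keys that will be reported
    @truncated = truncated # true when more rejected keys existed than the cap
    super("#{params.join(', ')} not allowed#{truncated ? ' (more omitted)' : ''}")
  end
end

# Returns the attributes whose keys are allowed. If any key is not allowed,
# raises once, reporting at most max_errors of the offending keys.
def filter_attributes(attrs, allowed, max_errors: DEFAULT_MAX_PARAM_ERRORS)
  allowed_set = allowed.map(&:to_s).to_set
  rejected = []
  truncated = false
  kept = {}

  attrs.each do |key, value|
    if allowed_set.include?(key.to_s)
      kept[key] = value
    elsif rejected.size < max_errors
      rejected << key.to_s
    else
      # Cap reached: the request is rejected anyway, so stop scanning.
      # This bounds both the work done and the size of the error response.
      truncated = true
      break
    end
  end

  raise ParametersNotAllowed.new(rejected, truncated) unless rejected.empty?
  kept
end

if __FILE__ == $PROGRAM_NAME
  # Constructed input: one valid attribute plus 1,000 invalid ones.
  flood = { 'title' => 'hello' }
  1000.times { |i| flood["f#{i}"] = i }
  begin
    filter_attributes(flood, %w[title body])
  rescue ParametersNotAllowed => e
    puts "reported #{e.params.size} errors, truncated=#{e.truncated}"
  end
end
```

The `truncated` flag lets a client see that the list of reported parameters is incomplete instead of assuming it is exhaustive.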
