Avoiding PUT/POST to rebound data #615

Open
wants to merge 1 commit into
from

Conversation

Projects
None yet
6 participants

full_dehydrate assumes bundle.data to be empty so it just populates elements from bundle.obj. This works fine with GET. However, when POST or PUT request are done the same bundle goes through all the flow. As a result, data that came from the request and is not part of the resource is rebounded in the response.

The fix avoids this problem by reseting bundle.data to an empty dictionary before starting the dehydration process.

When using Tastypie with BackboneJS, this data rebounded tampers models causing side effects very hard to detect.

Cheers,
Javi

This pull request fails (merged 438d642 into 9479190).

Contributor

joshbohde commented Aug 13, 2012

Thanks for the pull request. Before this could get merged, we'd need to have a failing test, per our contribution guidelines.

Thanks Josh. I've just added a test for it.

Cheers,
Javi

This pull request passes (merged df29682 into 5397dec).

Contributor

ondrowan commented Sep 5, 2012

What's the status on this? I like this solution. My only concern is if there aren't cases when contents of bundle.data might be useful. Couldn't come up with any use cases though.

roysmith commented Nov 5, 2012

I just got bitten by this exact bug (see https://groups.google.com/d/topic/django-tastypie/WE_d92Fkl-I/discussion). It would be great if this patch could be included in the next release.

@SeanHayes SeanHayes added this to the v0.14.0 milestone Feb 20, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment