DELETE request with body not rejected #1100
Description
Hi,
We're using kin-openapi to validate requests against an OpenAPI 3.0.3 spec. For a DELETE operation, we have not defined a requestBody, which is valid according to the spec.
However, we noticed that if a client sends a body with this DELETE request, the validator does not reject it. Based on best practices, we expected the request to fail validation (e.g. with a 400 error), since a body was not defined or expected.
Is this expected behavior? Is there an option to make the validator reject unexpected bodies?
Or is this a missing feature or bug?
Thanks in advance.