Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Body parameters shadows query parameters #827

Open
FredM opened this issue Oct 2, 2019 · 3 comments
Open

Body parameters shadows query parameters #827

FredM opened this issue Oct 2, 2019 · 3 comments
Labels
enhancement help wanted

Comments

@FredM
Copy link

FredM commented Oct 2, 2019
edited
Loading

More an edge case than a real issue: if a body parameters has the exact same name as a query parameter, then the body parameter will override the value.

For example, consider this route definition (with MySchema defined elsewhere)

import falcon
import hug
from marshmallow import fields
@hug.post(["test/{param_1}/route/{param_2}"], status=falcon.HTTP_201)
def my_route(
    request,
    response,
    param_1: fields.Str(description="A param"),
    param_2: fields.Str(description="Another param"),
    body: MySchema(),
):
    print(param_1)
    print(param_2)

If I call it like that

POST /test/first_value/route/second_value
[...]
{
  "body_param": "a body param value",
  "param_2": "overwritten_value"
}

then the output will be

first_value
overwritten_value

Even if MySchema does not define param_2 (stripping param_2 key from the body), the value gets overwritten.
@jay-tyler
Copy link
Contributor

@FredM Thanks for the report, and I can reproduce this. Although I'm puzzling a bit over what the correct behavior should be.

Are you aware of any standards for describing what takes precedence? i.e. If duplicate data exists for the POST params and body, which are we supposed to use?

@FredM
Copy link
Author

FredM commented Feb 10, 2020

I don't see a formal answer for this case.

Here are some interesting thoughts about that issue
https://dzone.com/articles/rest-api-path-vs-request-body-parameters
https://stackoverflow.com/questions/38985131/does-it-make-sense-to-use-both-query-and-body-parameters-in-a-post-request-for-a
From this second post I would say that, even though it should be avoided, both can exists and it is up to the server to decide which should be used. And the API I was working on at the time had this dilemma.

Here, Hug chooses for us that it is the body parameter that take precedence. It would be nice to have some way to retrieve the query value

@jay-tyler
Copy link
Contributor

Here, Hug chooses for us that it is the body parameter that take precedence. It would be nice to have some way to retrieve the query value

Ok, I like this suggestion, especially if there isn't a formal/RFC based answer to the question.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement help wanted
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@FredM @jay-tyler